CISPA
Browse
- No file added yet -

The Imitation Game: Exploring Brand Impersonation Attacks on Social Media Platforms

Download (938.49 kB)
conference contribution
posted on 2024-10-01, 12:08 authored by Bhupendra AcharyaBhupendra Acharya, Dario Lazzaro, Efren Lopez-Morales, Adam Oest, Muhammad Saad, Antonio Emanuele Cinà, Lea SchönherrLea Schönherr, Thorsten HolzThorsten Holz
The rise of social media users has led to an increase in customer support services offered by brands on various platforms. Unfortunately, attackers also use this as an opportunity to trick victims through fake profiles that imitate official brand accounts. In this work, we provide a comprehensive overview of such brand impersonation attacks on social media. We analyze the fake profile creation and user engagement processes on X, Instagram, Telegram, and YouTube and quantify their impact. Between May and October 2023, we collected 1.3 million user profiles, 33 million posts, and publicly available profile metadata, wherein we found 349,411 squatted accounts targeting 2,625 of 2,847 major international brands. Analyzing profile engagement and user creation techniques, we show that squatting profiles persistently perform various novel attacks in addition to classic abuse such as social engineering, phishing, and copyright infringement. By sharing our findings with the top 100 brands and collaborating with one of them, we further validate the real-world implications of such abuse. Our research highlights a weakness in the ability of social media platforms to protect brands and users from attacks based on username squatting. Alongside strategies such as customer education and clear indicators of trust, our detection model can be used by platforms as a countermeasure to proactively detect abusive accounts.

History

Primary Research Area

  • Threat Detection and Defenses

Name of Conference

Usenix Security Symposium (USENIX-Security)

Journal

USENIX Security Symposium

BibTeX

@conference{Acharya:Lazzaro:Lopez-Morales:Oest:Saad:Cinà:Schönherr:Holz:2024, title = "The Imitation Game: Exploring Brand Impersonation Attacks on Social Media Platforms", author = "Acharya, Bhupendra" AND "Lazzaro, Dario" AND "Lopez-Morales, Efren" AND "Oest, Adam" AND "Saad, Muhammad" AND "Cinà, Antonio Emanuele" AND "Schönherr, Lea" AND "Holz, Thorsten", year = 2024, month = 8, journal = "USENIX Security Symposium" }

Usage metrics

    Categories

    No categories selected

    Licence

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC