Social media has become an integral part of life for an overwhelming amount of the population. A recent survey found that one in four British teens felt they would not have enjoyed the Christmas festivities without it.
And it’s not just teens that are hooked. Two hours is now the average amount of time an individual spends browsing social media per day, according to reports. Unsurprisingly, this figure is not expected to plummet any time soon.
Of course, social media is great for sharing experiences and keeping up to date with news. But unbeknown to most, it also has risks, and the amount of cyberattacks and infiltration through social media is growing.
Consider, for example, that Russian hackers reportedly broke into the computer of a Pentagon official – through his Twitter account. A link in a Twitter post offering the bait of an attractive-looking holiday offer was the means used to gain access.
More education is needed, not only around being careful with links or content that is shared by others but also around the information that users reveal when posting, such as their location or other personal information including dates of birth, addresses or even phone numbers.
Fraudsters can collect and exploit this information for identity theft – potentially making purchases or carrying out transactions that the real user knows nothing about. Identity fraud has risen significantly with social media as the ‘hunting ground’, according to fraud prevention service Cifas. This is because people tend to be more trusting on social media, perhaps because they feel that they are ‘amongst friends’ and in a sharing environment but they need to be aware of the risks and adapt their behaviour accordingly.
Here are four common ways that the cyber threat is being played out on social media platforms:
Spear phishing – sending malicious links or files through a social media post.
Authentication credentials – stealing the customer’s authentication details at login, often through having installed a keylogger on their device (perhaps through a spear phishing attack as above).
False flag attacks – again, this revolves around stealing a user’s login details usually by sending a fake request for a password reset or other authentication activity.
Subscription renewals – capturing credit card details by sending fake messages to subscribers telling them to renew. As ActionFraud warned, this has been happening with WhatsApp – even though the service stopped charging its subscription fee in 2016.
Consequently, a question arises whether financial institutions have a role to play in helping customers protect their privacy and identity online?
Banks already offer education to customers around remaining safe online through videos, TV adverts and online guides. However, could they go further? The financial cost of Identity fraud for banks is huge – in the US alone, reports estimate it cost consumers $16bn last year – and Experian estimates that a case of ID theft can take 300 hours to set things straight again.
Educating, and helping to detect and resolve incidents of ID theft through social media and online activities could provide extra protection and peace of mind for their customers, which would help to build a deeper connection and create a competitive advantage.
There are tools that can help banks raise awareness amongst their customers of the risks of social media and more broadly online. For example, Affinion works with financial institutions to provide customers with ID theft detection services that can scan the public and dark web and warn them in advance of possible threats.
However, should the worst happen and a person fall victim to an attack, they can also help provide support in resolving issue too, in the form of an ID theft helpline, legal assistance and a resolution service. Not only does this help customers in a time of need, but it also aids the customer engagement journey – positioning the bank as an organisation that’s supportive when it matters.
Indeed, Affinion’s Connected Customer research found that customers whose bank provides everyday assistance or protection related products in addition to core services are more likely to have a higher engagement score – with customers staying longer and spending more.
The threat of ID theft via social media is very real and given that it’s estimated there will be 2.77 billion social media users around the globe by 2019, there’s a need for greater education, protection and assistance.
By helping people take pre-emptive action to reduce the risk of cyber crime, there’s a real opportunity for businesses to not only improve customer engagement but become an organisation of huge value and more importantly, one that their customers trust.