article image

You may think someone using your online identity to create a fake account doesn’t really have long-term consequences, but it can. Here’s how.

What is social media impersonation?

Quite simply, its digital identity theft. Cyber-criminals create a profile on a social platform using an individual’s personal information to trick others into thinking the fake profile belongs to a real person who they can trust. The end goal is to exploit those who interact with the fake account. Scammers impersonate both individuals and companies.

There are several different types of scams.

  • Personal account impersonation

Criminals create a new, fake profile using personal information gathered from an existing profile.

  • Account hijacking

Criminals break into legitimate accounts and use them to distribute malicious or fraudulent content. 

  • Fake accounts or bots

A bot is a software application that runs automated tasks online. Bots are used to create numerous fake accounts quickly. This activity is virtually unrestricted as regulations aren’t in place to cover the implications of bot accounts on social platforms. 

  • Executive impersonation

This involves duplicating the identity of business executives so criminals can interact with people inside the target’s company and with potential business partners.

  • Brand impersonation

Using trademarked content, fraudsters set up fake business pages, engage in conversations with genuine social media users, run fake promos and respond to customer support questions.  

What to do if you get hacked

It is easy for cyber-criminals to break into social media accounts. They use personal information gained from data breaches. Credential stuffing or brute-forcing is where a hacker tries multiple combinations of usernames and passwords against your accounts.  They also use timing effectively to avoid being detected by the social platforms’ automated security systems. Phishing is also a common tactic used to gain control of social media accounts. The link usually leads to a fake page that asks you to fill in your username and password. Unfortunately, once your data is out there, there’s no way to reverse the process. 

Here's what you need to do to minimise the damage:

  • Take screenshots of the fake profile
  • Do NOT contact the imposter
  • Warn your friends, colleagues, and contacts so they can act with caution
  • Report the impersonation to the social platforms support section
  • Check your accounts where you have used the same login credentials and change all your login passwords
  • Report it to the police

Rely on common sense

Your best defence is common sense. The risk of impersonation on social platforms is bound to increase as synthetic, AI-generated content gives criminals new tools to manipulate users. Choose difficult passwords and keep an eye on your profile. Act quickly if you think you have been hacked.

Stay updated on the latest scams. At Sasfin we will continue to provide valuable information to keep you informed.

About the Author

Del Van Rooyen
Chief Information Security Officer, Sasfin Bank