In Q4, impersonation threats made up more than 45% of total attacks on social media, with the vast majority targeting banking and financial services. Impersonation on social media continues to grow, with threats specifically targeting corporate executives responsible for driving the majority of volume for three consecutive quarters.
The average number of social media attacks per business has declined slightly over the course of 2023. Numbers peaked during the beginning of the year, with the average business experiencing 83 attacks in January, eventually dropping to 57 in December. Businesses were targeted in just over 63 attacks per month in all of Q4.
Fortra analyzes hundreds of thousands of social media attacks every quarter to identify the top threats targeting enterprises, their brands, and their employees. In this post, we take a look at the top confirmed threats detected on social media and the industries most prone to attack.
Top Threat Types on Social Platforms
In Q4, impersonation was the top threat type used by threat actors to target organizations, making up more than 45% of share of total volume. This is the second consecutive quarter that impersonation has led all other attack categories.
Impersonation can take the form of an account or page impersonating a brand, executive, or employee. While threat actors have historically focused on masquerading as brands to entice victims to engage with them online or click on a lure, executive attacks have increasingly been the go-to approach. In fact, fake executive profiles have surpassed brand and employee for three consecutive quarters, with volume reaching an all-time high in Q3.
Fraud attacks jumped from the third spot in Q3 to the second after a nearly 10% quarter-over-quarter increase. Fraud contributed to 28% of share of threat volume. Cyber threats, including employment or giveaway scams, were less in favor and declined 9.5%. This bumped the threat type to third place.
Other top threat types include:
-
Counterfeit 3.95% (-4.8%)
-
Physical Threat 1.34% (+0.6%)
-
Data Leak 0.44% (-0.1%)
Top Targeted Industries
In Q4, threat actors overwhelmingly targeted financial institutions, with about 85% of attacks preying on banks, financial services, credit unions, or payment services. Banking in particular was the most targeted across all industries on social media, making up nearly 54% of incidents. This is the greatest share of volume for the industry since Fortra’s reporting on this data point.
Financial services jumped a whopping 16% of share of volume quarter-over-quarter, moving the category from the fourth spot to the second. Financial services contributed to 26.4% of activity.
Credit unions and payment services both experienced increases in attacks in Q4, making up 2.9% and 2.0% of total volume, respectively.
Of the industries not associated with finance, attacks targeting the retail industry declined over the course of 2023, wrapping up Q4 with 5.3% of share of volume. Despite this, retail was still the third most targeted industry and the top non-financial target. The technology sector made it to the top six for the first time, with just under 2% of attack volume.
Threat actors are increasingly using social channels to scam unsuspecting customers with falsely-branded pages and messages. Specifically, organizations should give heightened attention to executive impersonation, as the fake profiles of high-level individuals are being used to engage with online users at a greater frequency than we’ve seen. Banks and other financial institutions saw the most abuse in the latter half of 2023, and should tailor security priorities to include visibility and mitigation best practices on social platforms in the new year.
Learn more about how to protect your organization on social channels with Fortra's Social Media Protection.