The Imitation Game: Exploring Brand Impersonation Attacks on Social Media Platforms

Authors: 

Bhupendra Acharya, CISPA Helmholtz Center for Information Security; Dario Lazzaro, University of Genoa; Efrén López-Morales, Texas A&M University-Corpus Christi; Adam Oest and Muhammad Saad, PayPal Inc.; Antonio Emanuele Cinà, University of Genoa; Lea Schönherr and Thorsten Holz, CISPA Helmholtz Center for Information Security

Abstract: 

The rise of social media users has led to an increase in customer support services offered by brands on various platforms. Unfortunately, attackers also use this as an opportunity to trick victims through fake profiles that imitate official brand accounts. In this work, we provide a comprehensive overview of such brand impersonation attacks on social media.

We analyze the fake profile creation and user engagement processes on X, Instagram, Telegram, and YouTube and quantify their impact. Between May and October 2023, we collected 1.3 million user profiles, 33 million posts, and publicly available profile metadata, wherein we found 349,411 squatted accounts targeting 2,625 of 2,847 major international brands. Analyzing profile engagement and user creation techniques, we show that squatting profiles persistently perform various novel attacks in addition to classic abuse such as social engineering, phishing, and copyright infringement. By sharing our findings with the top 100 brands and collaborating with one of them, we further validate the real-world implications of such abuse. Our research highlights a weakness in the ability of social media platforms to protect brands and users from attacks based on username squatting. Alongside strategies such as customer education and clear indicators of trust, our detection model can be used by platforms as a countermeasure to proactively detect abusive accounts.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {299812,
author = {Bhupendra Acharya and Dario Lazzaro and Efr{\'e}n L{\'o}pez-Morales and Adam Oest and Muhammad Saad and Antonio Emanuele Cin{\`a} and Lea Sch{\"o}nherr and Thorsten Holz},
title = {The Imitation Game: Exploring Brand Impersonation Attacks on Social Media Platforms},
booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
year = {2024},
isbn = {978-1-939133-44-1},
address = {Philadelphia, PA},
pages = {4427--4444},
url = {https://www.usenix.org/conference/usenixsecurity24/presentation/acharya},
publisher = {USENIX Association},
month = aug
}