Recently, a number of brands have approached our threat response team about social media impersonation against executives at their companies.
Scammers impersonating an executive on social media is a form of digital identity theft. It aims to exploit an executive’s reputation to gather victims’ sensitive data, including credentials and financial information. Or to discredit an executive or brand. Handling these incidents gets especially tricky when a company executive does not have an established social media presence.
SOCIAL MEDIA SPOOFS
The Social Media-Averse Executive Dilemma
In one case, a CISO sought guidance on taking down accounts on Facebook and Instagram, impersonating an executive who did not have nor want accounts on either platform. This is common. We help several brands with executive impersonation where the executive has no intention of creating or nurturing a presence on social media platforms.
And, without an authentic pre-existing account to point social media abuse teams to, social media platforms are slower to act.
Currently, our top-tier takedown team observes that X/Twitter and LinkedIn handle these cases more efficiently.
While it’s speculation, our team suspects that recent lags in abuse responsiveness from Facebook and Instagram might be due to Meta’s increased focus on its verified account programs. It is also possibly prioritizing the takedown of spoofs related to verified accounts.
In the past, prompting Facebook or Instagram to take action on a spoof involved having the impersonation victim (the executive) take a selfie in a mirror while holding a government-issued ID. However, Meta abuse teams are not taking action as swiftly as they once did.
X and LinkedIn taking action more quickly typically result in shorter takedown times than Facebook and Instagram. However, these takedown timeframes ebb and flow over time as each platform continuously updates its account verification policies.
Proactive Measures Against Executive Impersonation on Social Media
Stay Vigilant & Up-to-Date to Combat Online Executive Impersonations
Another tip that might work for brands that advertise on social media is to imply the potential withdrawal of their advertising spend.
For example, when one prominent brand reported impersonations of an executive who lacked a social media presence, they didn’t see results initially. However, after contacting their advertising sales representative, action was quickly taken to remove the spoof accounts.
Indeed, this was a significant brand, probably with a substantial advertising budget. Brands with smaller spending might experience a different outcome, but it may be worth a try. When some platforms sense that advertising revenue is at stake, they become more responsive.
Establishing ownership of accounts associated with your brand, executives, etc. on social media is crucial for swift enforcement/takedown.
Some executives prefer not to maintain accounts on social media platforms. Creating accounts for such executives, even if they remain inactive, goes a long way in streamlining the response to impersonations of that executive. Most platforms ask for a link to an authentic profile as part of the impersonation reporting process. You may also decide to go as far as completing the social media platform’s verification process for that account.
In general, having a verified account for an executive will accelerate the takedown of social media impersonations.
Here listed are the verification processes for various social media platforms:
Meta (FaceBook and Instagram) Account Verification
LinkedIn Verification
X/Twitter Verification