
CISOs aren’t doing enough to mitigate social media fraud

By Yoav Keren
December 28, 2021

The cybercrime landscape has changed significantly over the past few years. Most CISOs are aware of headline-grabbing threats like ransomware and crypto scams, but comparatively few have kept up with shifting tactics in one of the oldest cyberattack vectors: phishing.

Attackers have become more sophisticated at impersonating organizations and their employees on websites and social media platforms, and the FBI consistently ranks phishing as the most prevalent form of internet crime. In the FBI’s most recent Internet Crime Report, it counted more than 241,000 phishing victims over the last year, which accounts for a full third of all reported internet crime and is more than double the number of victims of the second most prevalent internet crime.

Survey data from our External Threat Protection Test reveals that the majority of CISOs aren’t doing nearly enough to protect their organization from phishing. No organization can be too vigilant fighting against impersonators attempting to access company, employee or customer data. Understanding how the phishing landscape has changed is the first step toward building an effective defense.

You can’t protect what you don’t see

When it comes to phishing, the days of Nigerian princes and long-lost aunts are fading into history. Today, most security-minded organizations regularly run phishing audits to identify weak spots in their defenses. This forces cyberattackers to adopt new strategies, many of which still frequently go unnoticed by businesses. Four key phishing methods have seen a significant increase in activity: website phishing, executive impersonation, whaling attacks and social media phishing.

Website phishing includes a broad range of activities such as registering domains associated with the company and designing fraudulent websites with the company’s trademark. In this way, attackers aim to trick unwitting visitors into clicking malicious links or providing personal information. While fraudulent websites are nothing new, what has changed is the pace of their deployment. Today, an estimated 1.5 million phishing sites are created every month, and the majority of sites exist for less than 24 hours to avoid old detection methods like URL blacklists.

Executive impersonation involves an attacker posing as a CEO or another leader within an organization in an attempt to extract sensitive information from other employees. This threat vector has become particularly important as organizations embrace remote or hybrid work environments where digital communication increasingly replaces face-to-face interactions. In fact, data suggests that executive impersonation attacks have skyrocketed since the beginning of the global pandemic with a 131% increase between the first quarter of 2020 and the first quarter of 2021.

Whaling attacks have also been on the rise. These phishing attempts are the inverse of executive impersonation. Instead of an attacker posing as an executive to dupe employees, the attacker poses as an executive to trick another executive, typically a CEO or CFO, into providing sensitive data or sending funds to the attacker’s account. Data reveals that nearly two-thirds of organizations report an executive being targeted by a whaling attack, and nearly 50% of organizations say their executive fell victim to the attack. According to the FBI’s 2020 Internet Crime Report, business email attacks, which include whaling and executive impersonations, resulted in $1.8 billion lost last year, making it one of the most costly forms of cybercrime.

Social media is rapidly displacing email as the preferred tool for phishing attacks. The ease with which attackers can create fraudulent accounts, combined with users' propensity to divulge personal information on these sites, makes popular platforms a breeding ground for impersonators. Research suggests that up to half of all social media logins are fraudulent, and last year law enforcement calculated that $155 million was lost through social media attacks.

How to fight phishing in 2022

The defining features of modern phishing attacks are speed and scale. When phishing websites only pop up for a few hours at a time and creating a fake social media profile only takes a few minutes, it’s hardly surprising that CISOs everywhere are struggling to stay one step ahead of attackers. But in many cases, CISOs aren’t even aware of the vulnerabilities facing their organization.

Our recent CISO survey revealed a staggering shortfall of phishing protection in the four key areas outlined above. Particularly troubling was the lack of protection against social media and website phishing, which rank among the most common and effective methods of compromising a business.

The majority (56%) of CISOs surveyed said they didn’t monitor social media at all or only manually checked key social media platforms like Facebook, Twitter and LinkedIn on occasion for impersonation or phishing attacks. Further, a third of CISOs don’t monitor their CEO or other executives on social media platforms and only 12% confirmed that they take a broad approach to social media protection by collecting reports on suspicious Facebook pages or regularly monitoring Facebook ads, users, pages and groups.

The results for website phishing protection weren’t much better. About a third of CISOs responded that they monitor their domain registrations for fraudulent activities on a regular basis and roughly the same percentage of CISOs monitor content changes on domains they’ve registered in the past without checking record changes as well.

When considered in the context of skyrocketing phishing attacks, the implication of the survey results is clear. CISOs need to better prepare to defend their organization from impersonators in 2022 by creating defenses that stop phishing attacks wherever they occur.

Many of the techniques employed by CISOs in the coming year will be tried and true. Educating employees, running frequent security audits and using multi-factor authentication are a must. But CISOs must also commit to increasing their awareness of the threat landscape by proactively monitoring for phishing attacks.

The speed and scale of modern social media and website phishing make them difficult to defend against with manual methods. A single person can’t possibly search through millions of social media posts, links and websites for fraudulent activity on their own. This is where automated, intelligent tools have a lot to offer CISOs. AI-driven software can constantly monitor social media and websites for malicious links, fake profiles, fraudulent branding, and other precursors of phishing attacks. With real-time alerts from automated sentries, CISOs can take fast action to neutralize threats before they become a problem for their organization.

AI-driven brand protection provides a way to future-proof an organization’s security as attacks increase and eclipse the ability of humans to fight back. What’s your next step in the fight against cyberattacks?
KEYWORDS: Chief Information Security Officer (CISO) CISO leadership cyber attack response cyber fraud cyber security research fraud detection social media account hack social media risk


Yoav Keren is the CEO of BrandShield.
