The dark side of social media

There's no denying that in the 20 or so years since its inception, social media has rapidly evolved to become one of the most popular online activities. But how private is the information we share online, and how can it be used against us by threat actors looking to commit fraud?

The annual Global Insurance Fraud Summit has identified the use of social media as a key trend shaping the evolution of insurance fraud. Investigators must acknowledge the crucial role that social media channels present as a source of data intelligence, says Dennis Toomey, global director for counter-fraud analytics and insurance solutions at BAE Systems. Conversely, consumers must also be educated on the dangers of putting their personal information online.

“Exploitation of social media and electronic communication has contributed to a fundamental shift in how fraudsters operate,” Toomey says. “It’s also rapidly evolving. Criminals are adapting their activities incredibly quickly, often more quickly than defences can be updated to tackle them. And it’s being used on a massive global scale. In the US, for instance, social engineering is used in a third of cyber breaches, with email compromises accounting for more than $1.2bn in victim losses.”

Broadly speaking, social media is creating new opportunities for fraud, particularly for investment fraud, says Peter Hazlewood, group financial crime risk director at Aviva. When it comes to social media, the common line of thought is that if you’re not paying for a product, then you are the product, but many people still aren’t highly aware of the dangers involved with sharing private information on a public platform.

“For professionals, you need to assume that your social media activity may come into your work life,” Hazlewood says. “Certainly, I always assume that the two things are interlinked, and the way I conduct myself on social media is with the assumption that our chairman or CEO might see it.”

An area where directors and officers need to be very careful, he adds, is with sensitive information. There have been numerous cases in the past where corporate professionals have gotten into trouble for putting sensitive information online, whether that’s price-sensitive information, disinformation, misleading information or potentially offensive posts.

“There’s definitely an uptick in D&O insurance and in the tools that are out there to limit the liability and reduce fraud across the board,” says Rob Douglas, co-founder and CEO of fraud-detection search engine Skopenow. “But it’s difficult because, from what I’ve seen, the more popular or more public-facing a director is, the more risk there is because there are more details exposed, which can make it really easy to guess what their password hints might be.”

Faced with the spectre of this threat, says anti-fraud teams are rising to the challenge and are harnessing social media themselves to combat fraud – albeit with caution, as this approach carries its own risks. Many carriers around the globe use social media and open-source intelligence (OSINT) to investigate insurance fraud, although processes, sites and guidelines vary across the industry.

“Carriers have to exercise extreme caution when using this to investigate suspicious claims,” Toomey says. “The good news is that most carriers do, and also have standard operating procedures in place to make sure the investigators stay well within the compliance guidelines.”

Anti-fraud organisations such as Skopenow are now being used not only for fraud investigations, Douglas says, but also to try to calculate how exposed someone is when online.

Meanwhile, Hazlewood says there are several actions professionals can take to protect themselves and their data from fraudsters. First and foremost, he says, directors and officers should always assume that what they put online will be read widely, both within and outside their organisation.

This is especially relevant right now, he says, as information-harvesting fraud syndicates are increasingly posing as members of a credible organisation to connect with members of an executive team on LinkedIn. Once they’re in that network, they have access to a lot more information, and they can see what an executive is doing behind the firewall of their privacy settings. This, in turn, enables fraudsters to reshape their methodology to make themselves appear even more credible.

“One of the things that we do internally, especially in respect of our senior executives, is provide training and advice on how to use social media responsibly and how to stay secure,” Hazlewood says. “And that’s certainly something that is good practice for corporates.”