Social Engineering Scams Targeting Fashion and Brand Influencers Increasing in Prevalence and Sophistication

Recent increases in fraud and phishing activity target popular social media figures and UGC creators, leveraging member brand names as part of the scams.

Context

During the second half of 2022, multiple RH-ISAC member analysts reported observing increases in fraud and phishing activity targeting popular social media figures and user-generated content (UGC) creators (i.e., “influencers”), with the scams leveraging member brand names. The fraud activity spikes observed in the past few months have been both prolific and sophisticated, using branding from multiple retailers and advanced social engineering tactics, including impersonating job recruiters and sending fake contracts.

Types of Activity

Members have reported increases in three key types of scams, in which scammers claim to be large retailers:  

  • Recruiting influencers to be brand ambassadors 
  • Recruiting models 
  • Recruiting UGC creators 

Members observed scammers leveraging two key contact methods to reach out to UGC creators: 

  • Creating social media profiles pretending to be various retail brands on various platforms (Instagram, TikTok, Twitter, etc.) and private messaging victims on those platforms 
  • Emailing UGC creators at email addresses the creators have made public

Members also reported four key behaviors and corresponding objectives: 

  • Targets are tricked into paying fake shipping fees for free merchandise, while the scammers keep the money and do not ship any items
  • Targets are tricked into undressing on video calls misrepresented by scammers as “virtual fittings” or job interviews with the goal of fraudulently recording victims without informed consent
  • Targets are tricked into providing financial data and account details on the promise of payments, after which scammers steal money from the targets
  • Targets are tricked into providing personally identifiable information (PII) such as name, address, driver’s license, and Social Security number, which scammers will likely leverage for identity theft and other fraud efforts

Mitigation Strategies

Member analysts discussed three key options for addressing the fraud activity: 

  • File abuse forms against email addresses reported as sending fraud and scam activity, which is the fastest way to resolve the issue
  • Educate UGC creators through public messaging on how employment, brand ambassador, and promotion processes work and how to avoid common fraud tactics, techniques, and procedures (TTPs)
  • Refer targets of successful fraud activity to law enforcement for official investigation
