Social Engineering Scams Targeting Fashion and Brand Influencers Increasing in Prevalence and Sophistication

Recent increases in fraud and phishing activities targets popular social media figures and UGC creators to leverage member brand names as part of scams.
Influencer holding make-up products filming on a phone.

Context

During the second half of 2022, multiple RH-ISAC member analysts reported observing increases in fraud and phishing activity targeting popular social media figures and user-generated content (UGC) creators (i.e. “influencers”) leveraging member brand names as part of the scams. The fraud activity spikes observed in the past few months have been both prolific and sophisticated, leveraging branding from multiple retailers and leveraging advanced social engineering tactics, including impersonating job recruiters and sending fake contracts. 

Types of Activity

Members have reported increases in three key types of scams, in which scammers claim to be large retailers:  

  • Recruiting influencers to be brand ambassadors 
  • Recruiting models 
  • Recruiting UGC creators 

Members observed scammers leveraging two key contact methods to reach out to UGC creators: 

  • Creating social media profiles pretending to be various retail brands on various platforms (Instagram, TikTok, Twitter, etc.) and private messaging victims on those platforms 
  • Emailing victims UGC creators, at email addresses the creators have made public 

Members also reported four key behaviors and corresponding objectives: 

  • Targets are tricked into paying fake shipping fees for free merchandise, while the scammers keep the money and do not ship any items
  • Targets are tricked into undressing on video calls misrepresented by scammers as “virtual fittings” or job interviews with the goal of fraudulently recording victims without informed consent
  • Targets are tricked into providing financial data and account details on the promise of payments, after which scammers steal money from the targets
  • Targets are tricked into providing personal identifiable information (PII) such as name, address, driver’s license, social security number, which scammers will likely leverage for identity theft and other fraud efforts

Mitigation Strategies

Member analysts discussed three key options for addressing the fraud activity: 

  • File abuse forms against email addresses reported as sending fraud and scam activity as the fastest way to resolve the issue
  • Educate UGC creators through public messaging on how employment, brand ambassador, and promotion processes work and how to avoid common fraud tactics, techniques, and procedures (TTPs)
  • Refer targets of successful fraud activity to law enforcement for official investigation

Subscribe to the Blog

Receive news and RH‑ISAC updates for cybersecurity practitioners from retail, hospitality, and other customer-facing companies, straight to your inbox.

Subscribe Now

More Recent Blog Posts

View All Blogs