Digital Mistrust In Social Media
- By Stefan Hammond
- November 07, 2022
From Gen Z Millennials to tech-savvy chief digital officers (CDOs), we all imagine a tiered pyramid as our paradigm for social media. We assign “trust-levels” to different tiers.
Our concepts of digital trust supersedes mass-media fascination with social media business. We may find Elon Musk's recent headline-inspiring tweets interesting, but it doesn't necessarily mean we'll trust Twitter as a platform.
Twitter, beloved by pop stars and politicians, isn't high on the must-trust list. Neither is Facebook, which boasts a stonking 2.9 billion MAUs (monthly active users, with 1.9 billion DAUs).
High levels of participation typically indicate a minimal wheat-to-chaff level. But proponents argue that the massive userbase means consumers can frolic in mainstream offerings or delve into the “long tail” and peruse specific regional forums — or enjoy photos of chihuahuas wearing hats.
Know your (social) client
Such platforms emphasize the measures they take against spoof accounts. But the effectiveness of such proscriptive strategies is questionable.
Take for example this random profile generator for short-form video hosting service TikTok. By selecting parameters via drop-down menus and uploading a couple of images, a fake profile including a lock screen in your choice of Android or iPhone can be generated.
Digital trust supersedes mass-media fascination with social media business
“You can change ANYTHING, like user name...followers count, likes count and bio information,” says the site. “This generator is not the slightest bit related with tiktok.”
While it's instructional to periodically examine the tactics of legerdemain involved with social media, the level of tomfoolery is no mystery to CDOs. Fake profiles abound on lowest-common-denominator social media platforms.
Toward the pyramid's apex
But LinkedIn positions itself differently. “Launched on May 5, 2003, the platform is primarily used for professional networking and career development and allows job seekers to post their CVs and employers to post jobs,” says Wikipedia.
It's popular: “As of February 2022, LinkedIn has 830+ million registered members from over 200 countries and territories.” Note that Twitter currently has about 400 million users.
LinkedIn is feted for promoting personal branding, lauding accomplishments, and pursuing career opportunities. The platform is typically regarded as blue-chip social media.
Twitter, beloved by pop stars and politicians, isn't high on the must-trust list
“LinkedIn has long said that the professional nature of the [its] platform sets it apart [and it ] is where, by far, the largest number of professionals gather to stay connected and informed, advance their careers, and work smarter,” says LinkedIn on their site. “The professional nature of the LinkedIn network is what that makes the LinkedIn platform less susceptible to deceptive content according to [a 2019 report by] Business Insider.”
LinkedIn says “the report found just a 2% chance for members to post deceptive content on LinkedIn compared to a 42% chance on Facebook.” And a later study by U.S.-based Insider Intelligence supports LinkedIn's claims of social media credibility.
Trust and relevance
The “Digital Trust Benchmark Report 2021” canvassed “1,730 U.S. social media users on the factors that most affect their trust in social platforms and how those factors impact their decision to engage with ads or sponsored content there.”
Needless to say, users tend to be more receptive to advertising on platforms they trust. The report “evaluated how these users feel about nine major social media platforms — Facebook, Instagram, LinkedIn, Pinterest, Reddit, Snapchat, TikTok, Twitter, and YouTube — and reveals the extent to which trust affects usage and attitudes toward advertising.” And data privacy is a key factor.
“More than half (52%) of respondents said that whether a platform protects their privacy and data is extremely impactful on their decision to interact with the ads or sponsored content they see there...our study suggests that advertisers do need to consider the state of user trust in their ad spending decisions. They should prioritize data privacy in both their own internal policies and in their advertising decisions.”
The February 2022 publication date sets off this prophetic (given Elon Musk's Twitter wranglings) quote: “Trust concerns haven’t always led advertisers to actively pull back on their social ad spending. And when they have, they’ve done so only temporarily. Past boycotts have often been short-lived before advertisers quietly returned to platforms.”
Straight-up CISO spoofing
Recently, security researcher Brian Krebs uncovered blatant attempts to spoof CISO identities on LinkedIn.
“Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations,” wrote Krebs. “It’s not clear who’s behind this network of fake CISOs or what their intentions may be. But the fabricated LinkedIn identities are confusing search engine results for CISO roles at major companies, and they are being indexed as gospel by various downstream data-scraping sources.”
The latter part is worrisome. “You might ask Google who it thinks is the current Chief Information Security Officer of Chevron,” wrote Krebs. “When KrebsOnSecurity did that earlier this morning, the fake CISO profile was the very first search result returned (followed by the LinkedIn profile for the real Chevron CISO).” Ouch.
In such a scenario, incorrectly identified parties typically move faster than platforms. “Rich Mason, the former CISO at Fortune 500 firm Honeywell, began warning his colleagues on LinkedIn about the phony profiles earlier this week,” wrote Krebs. “'It’s interesting the downstream sources that repeat LinkedIn bogus content as truth,' Mason said. 'This is dangerous, Apollo.io, Signalhire, and Cybersecurity Ventures'.”
LinkedIn has taken steps to combat the fraudsters. “Today, LinkedIn announced that it has begun to display more information about accounts to verify their authenticity, actively hunt for fakes using AI, and warn users when they receive suspicious messages,” wrote bleepingcomputer.com in late October.
That's good. But also: “Over the past couple of years, LinkedIn has become heavily abused by threat actors to initiate communication with targets to distribute malware, perform cyberespionage, steal credentials, or conduct financial fraud.”
Bleepingcomputer cited the Lazarus North Korean Hacking group, which “commonly approaches targets over LinkedIn with fake job offers. However, these fake job offers lead to the installation of malware that allows the threat actors to gain access to a target's device, and potentially corporate network, or conduct multi-million cryptocurrency hacks.”
Trust in the realm of social media is hard to come by, but that may be a good thing. Another case of Netizen emptor.
Stefan Hammond is a contributing editor to CDOTrends. Best practices, the IoT, payment gateways, robotics, and the ongoing battle against cyberpirates pique his interest. You can reach him at [email protected].
Image credit: iStockphoto/SIphotography