In 2023, Facebook is still the most popular social network online, with 3.030 billion monthly active users. its massive user base has always made it a fertile ground for bad actors. In recent years, technological developments such as GenAI engines and smarter, more independent bot networks have brought new weapons into the malicious actors’ arsenal, and created new opportunities for sophisticated impersonations and social media phishing scams.
Impersonation scams have been around forever, and nowadays there is a higher degree of awareness towards them than in previous years. They are likely to ignore a mail from “their bank” with typos and a domain that’s clearly fake, just like they would identify a Nigerian Prince Scam. However, scams are constantly becoming more elaborate – and more sophisticated.
Fake Airports, Fake Luggage, Fake Buyers
The scam Cyabra uncovered involved 23 Facebook pages impersonating the official pages of airports around the world: Auckland in New Zealand, Oslo Gardermoen in Norway, Changi in Singapore, Heathrow in the UK, Denver in the US, Helsinki in Finland, Dublin in Ireland, King Abdulaziz in Saudi Arabia, Hamad in Qatar, Ben Gurion in Israel, O. R. Tambo in Gauteng, Václav Havel in Czech Republic, and many others.
As seen below, the pages had thousands of likes and followers, which helped raise their exposure and create an appearance of authenticity. Most of the profiles liking and following the page were actually fake profiles – and their involvement wasn’t a silent following (more on that in the next part).
The fake airports posted almost identical content, announcing a sale of long-lost luggage at very cheap prices, supposedly with the aim of clearing storage space in the airports’ warehouses. The image shared by the fake airports was also identical, except for one important detail – the scammers edited the numbers and currency in the photo, customizing them to match the country where the airport was based. Some of the pages even posted in a language native to the respective country’s airport.
The link posted by the fake airports led to websites offering “luggage lottery”, where users were asked to provide their credit card numbers to order the suspiciously cheap luggage, which was, of course, the objective of the phishing.
This clever impersonation scam was already convincing enough due to its skillful use of language, currency, and a purchased follower base. But there was more: fake profiles weren’t just following the pages. They were interacting with them, and they were doing so in an unbelievably authentic-looking way.
5-Star Review From the Fake Profile
What the fake profiles were in fact doing was commenting on the “sale” posts with photos of suitcases filled to the brim with goods, displaying how pleased they were with their “purchase” and describing the contents of the suitcase in great detail. Fake profiles were given native-sounding names, chosen to fit the airport’s region, and similar to the original posts, their comments contained various languages and currencies. Some of the fake comments even showed doubt in the legitimacy of the sale, just so other fakes could respond to them, explain the sale was real, and show their suitcase of treasures.
Each airport’s posts were engaged by dozens of excited comments by fake profiles, effectively dispelling suspicions of any fraudulent activity.
This scam worked so efficiently because it played on the herd mentality (or the mob effect): When many authentic-looking profiles respond to a scam, they create an illusion of credibility, neutralize our wariness, lower our healthy skepticism bar, and make it easier for us to fall prey for the phishing scheme.
Furthermore, the fake profiles themselves looked completely authentic, and followed guidelines that showed deep understanding of the Facebook’s algorithm, and an ability to manipulate it:
- All of the fake profiles had many friends on Facebook (most likely other fake profiles).
- The fake profiles were created and had started posting at least a year or two before they were participating in the airport luggage scam.
- The fake profiles’ timelines were meticulous, showing a history of regular, myriad posting.
- The posts looked as authentic as can be: the fake profiles were sharing selfies and other casual photos of themselves, discussing their hobbies, posting photos of vacations, dinners, family and pets, and generally behaving like an authentic Facebook profile that wouldn’t raise suspicion with anyone.
Attention: Last Call to Scam Gate
How did the scams end?
So far, they haven’t. While some pages were already reported and taken down, new pages are constantly being created, even now. Below, you’ll notice that Heathrow Airport actually has three different impersonation accounts: “Heathrow Baggage”, “Lost Bag Heathrow – Airport”, and “Heathrow Unclaimed Baggage”, all created mid-November. The first page is currently the only one with a large number of followers and likes – the others are most likely lying in wait, as part of the strategy of having backup pages, where fake likes and fake followers can be diverted to once the first impersonation page is inevitably taken down.
As mentioned, this phishing scheme is sophisticated because it works on the herd mentality, encouraging us to lower our defenses in the face of what seems like authentic profiles. Furthermore, this scam cleverly targets regional populations: the wide variety of languages and airports, including airports in smaller countries whose native language isn’t English – such as Qatar, Singapore, Saudi Arabia, the Czech Republic, and Israel – make it easier to scam the locals using their native tongue. It’s very likely none of them would check if those fake airport pages exist in any other languages.
Can You Identify Malicious Actors Impersonating Your Company?
The airport luggage scam proves once more that impersonations have become a threat to businesses and companies. Even if you’re a threat intel or cyber security expert, identifying fake profiles and fake content on social media requires a whole new skill set. Not only that, your followers on social media are expecting you to be the first to know of any impersonations or fake profiles using your name, and to warn consumers to watch out for scams – something very few of the airports have, in fact, done.
Cyabra provides accurate, cross-platform, multi-language, real-time social threat intelligence. If you’d like to learn more about how we track and identify impersonations, scams, and phishing, contact us to set up a demo.
