Disinformation: a cyber threat

14 August 2018

0 comments

by Karthik Prabakaran Senior Associate, Cyber Security

Email +44 (0)7802 660601

Online disinformation is a hot topic at the moment, and there are several different types, ranging from the satirical to fully-fabricated content which can be characterised as:

  • Misleading content – frames an issue or individual misleading information
  • Imposter content – impersonates genuine content
  • Fabricated content – false content designed to deceive and cause harm
  • False connection – headlines, visuals or captions do not support the content
  • False content – genuine content shared with false contextual information.

Why is this a cyber security issue your organisation should be aware of?

Although disinformation is a fundamental challenge for democracies, it is also a cyber security issue. Consider two real life scenarios:

  1. A supposed recruiter posts a fake job opening requesting CVs and personal information. Thousands of people fall prey to this typical case of false content and disclose their personal information, paving way to numerous social engineering attacks.
  2. A typo-squatted social media account (a form of cybersquatting relying on spelling mistakes in a web address), ostensibly belonging to tech giant’s CEO promises a cryptocurrency giveaway. Although this is a typical advance fee scam, the connection to the individual lends credibility. Although in this case the fabricated content was reported and removed, the impact would have been colossal if the URL had hosted malicious content, for example ransomware.

What can organisations like mine do to mitigate this risk?

Fake accounts generating disinformation are monitored and removed by content reviewers and profile verifiers. However, the advent of socio bots with conversational capability calls for proactive measures such as screening and mapping users to a valid identity during the onboarding process.

Internet users can also help combat disinformation, by:

  • Checking social media profiles: ensure they are not typo-squatted and the company profile has a “verified” symbol (“No Tick – No Trust”)
  • Check headlines: are they descriptive or deceptive? Warning signs are Unnecessary Capped Letters and exclamation points!
  • Check facts: use fact checking websites. Not everything you read on the internet is true
  • Report: help content reviewers by reporting suspected disinformation
  • Educate your friends and family: educate friends and family, and tell them when they are sharing disinformation

If you would like to talk to me further about this topic, please email or find me on LinkedIn.

by Karthik Prabakaran Senior Associate, Cyber Security

Email +44 (0)7802 660601