Social Engineering Techniques: Misinformation & Brand Exploitation

1. Misinformation & Disinformation

Definition: The deliberate dissemination of factually incorrect details, distinct from opinion-based differences.

Purpose: Designed to divide, confuse, or mislead groups of people.

Common Occurrence: Influence campaigns, often political or social in nature, frequently seen on social media platforms.

Role of Nation-States

• Some governments or third-party entities create discord among populations.
• Goals may include:
  • Persuading people to believe falsehoods.
  • Distracting from damaging truths.
• These efforts can be deployed through:
  • Websites.
  • Advertisements that subtly deliver misinformation.

How Misinformation Spreads

1. Creation of Fake Accounts: Attackers generate multiple fake user accounts.
2. Posting Misinformation Online: Fake accounts post misleading content on social media.
3. Amplification via Social Media Algorithms: Fake accounts like, share, and follow misleading content, boosting its reach.
4. Involvement of Real Users: Actual people share the misinformation, believing it to be true.
5. Mass Media Pickup: Once misinformation gains traction, media outlets may cover it, further legitimizing the false narrative.

2. Exploiting Brand Names for Social Engineering

Method: Attackers create numerous fake websites mimicking well-known brands (e.g., Coca-Cola, McDonald’s).

Search Engine Indexing: These fake sites get indexed by Google, misleading users searching for legitimate brands.

Signs of Fake Sites & Their Risks

Common Indicators:

• Pop-up messages claiming a prize or special offer.
• Requests to download software.

Risks:

• Malware infection upon downloading malicious files.
• Display of intrusive ads.
• Tracking of browsing activity.
• Potential data exfiltration to attackers.