Git-Mirrors/DISARMframeworks
1
0
Fork 0
mirror of https://github.com/DISARMFoundation/DISARMframeworks.git synced 2024-12-19 21:04:19 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity
7b57759624
DISARMframeworks/generated_pages/techniques/T0097.205.md

5.5 KiB
Raw Blame History

Technique T0097.205: Business Persona

  • Summary: An institution with a business persona presents itself as a for-profit organisation which provides goods or services for a price.

    While presenting as a business is not an indication of inauthentic behaviour, business personas may be used by threat actors as a front for their operational activity (T0143.002: Fabricated Persona, T0097.205: Business Persona).

    Threat actors may also impersonate existing businesses (T0143.003: Impersonated Persona, T0097.205: Business Persona) to exploit their brand or cause reputational damage.

    Legitimate businesses could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.205: Business Persona). For example, a business could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.

  • Belongs to tactic stage: TA16

Incident Descriptions given for this incident
I00070 Eli Lilly Clarifies Its Not Offering Free Insulin After Tweet From Fake Verified Account—As Chaos Unfolds On Twitter “Twitter Blue launched [November 2022], giving any users who pay $8 a month the ability to be verified on the site, a feature previously only available to public figures, government officials and journalists as a way to show they are who they claim to be.

“[A day after the launch], an account with the handle @EliLillyandCo labeled itself with the name “Eli Lilly and Company,” and by using the same logo as the company in its profile picture and with the verification checkmark, was indistinguishable from the real company (the picture has since been removed and the account has labeled itself as a parody profile).

The parody account tweeted “we are excited to announce insulin is free now.””

In this example an account impersonated the pharmaceutical company Eli Lilly (T0097.205: Business Persona, T0143.003: Impersonated Persona) by copying its name, profile picture (T0145.001: Copy Account Imagery), and paying for verification.
I00095 Meta: Chinese disinformation network was behind London front company recruiting content creators “A Chinese disinformation network operating fictitious employee personas across the internet used a front company in London to recruit content creators and translators around the world, according to Meta.

“The operation used a company called London New Europe Media, registered to an address on the upmarket Kensington High Street, that attempted to recruit real people to help it produce content. It is not clear how many people it ultimately recruited.

“London New Europe Media also “tried to engage individuals to record English-language videos scripted by the network,” in one case leading to a recording criticizing the United States being posted on YouTube, said Meta”.

In this example a front company was used (T0097.205: Business Persona) to enable actors to recruit targets for producing content (T0097.106: Recruiter Persona, T0143.002: Fabricated Persona).
I00116 Blue-tick scammers target consumers who complain on X Consumers who complain of poor customer service on X are being targeted by scammers after the social media platform formerly known as Twitter changed its account verification process.

Bank customers and airline passengers are among those at risk of phishing scams when they complain to companies via X. Fraudsters, masquerading as customer service agents, respond under fake X handles and trick victims into disclosing their bank details to get a promised refund.

They typically win the trust of victims by displaying the blue checkmark icon, which until this year denoted accounts that had been officially verified by X.

Changes introduced this year allow the icon to be bought by anyone who pays an £11 monthly fee for the sites subscription service, renamed this month from Twitter Blue to X Premium. Businesses that pay £950 a month receive a gold tick. Xs terms and conditions do not state whether subscriber accounts are pre-vetted.

Andrew Thomas was contacted by a scam account after posting a complaint to the travel platform Booking.com. “Id been trying since April to get a refund after our holiday flights were cancelled and finally resorted to X,” he said.

“I received a response asking me to follow them, and DM [direct message] them with a contact number. They then called me via WhatsApp asking for my reference number so they could investigate. Later they called back to say that I would be refunded via their payment partner for which Id need to download an app.”

Thomas became suspicious and checked the X profile. “It looked like the real thing, but I noticed that there was an unexpected hyphen in the Twitter handle and that it had only joined X in July 2023,” he said.

In this example a newly created paid account was created on X, used to direct users to other platforms (T0146.002: Paid Account Asset, T0146.003: Verified Account Asset, T0146.005: Lookalike Account ID, T0097.205: Business Persona, T0122: Direct Users to Alternative Platforms, T0143.003: Impersonated Persona, T0151.008: Microblogging Platform, T0150.001: Newly Created Asset).
Counters Response types

DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW