On July 5, 2023, Meta’s Instagram released “Threads”—an online social media and social networking service offering users the ability to post and share text, images, and videos, as well as interact with others and join public conversations through posts, replies, reposts, and likes.
Many companies began creating accounts on Threads as an extension of their existing social media and communications programs. Since its launch, the platform has garnered significant global attention with over 30 million downloads in the first 16 hours and 100 million users in the first five days.
Due to this popularity and fast growth, the Research Team at CSC began looking at ways that cybercriminals may be taking advantage of Threads. Specifically, we explored two areas:
- New domain registrations using Threads, including domains particularly affiliated with organizations
- How cybercriminals are already using Threads for malicious activity to exploit brands
Surge in domain registration observations
Between June 26 and July 27, 2023, we observed 428 new domain registrations using the term “Threads,” many of which have some sort of affiliation to existing brands. This points to the need for organizations to monitor their domain activity to determine which registrations on Threads are authorized and authentic, and which are fraudulent and can put your brand at risk of abuse.
Fraudulent accounts on Threads and brand abuse
In addition to domain registrations, CSC observed the Threads presence of Interbrand’s Top 25 Brands—a ranking of the best and most valuable global companies based on the consulting company’s expert evaluation of global branding standards and valuation. In exploring the brands in this list, 84% are already being targeted for brand infringement, and some of these brands do not even have official Threads accounts. These brand infringements may come in the form of the following:
- Claims of affiliation
- Logo abuses as profile pictures
- Brand impersonation
- Reseller and distributor issues
- Tips related to the brand (potential authorization)
Because of the fraudulent activity already happening for brands on Threads, CSC has been helping take down fraudulent domains on behalf of clients. For other organizations who find domains that need to be taken down, the enforcement process is identical to that of Instagram, and the documents needed include:
- Trademark information, including registration number, appropriate jurisdiction, International Classification of Goods and Services numbers, and legal owner name
- Signed Letter of Authorization (LOA)
- Summary of infringement action
As with any new tool or technology, organizations should take the initiative to learn about its risks and consider the security measures needed before jumping right into more consistent use. In the case of online platforms like Threads, cybercriminals will try to beat you to the punch, so it is all the more crucial to be aware of your entire domain landscape and take proactive steps to cut off exploits and infringements from the source, at the time of registration.
Preventative action against infringements
There are several preventative actions that organizations and security teams can take to gain visibility into domain activity affiliated with their brands and reduce the ability for cybercriminals to exploit related domains on Threads:
- Implement continuous monitoring for new domains that may be potentially infringing domain registrations, as well as monitoring for re-registered domains, which may indicate a pattern of malicious domain registrations made by bad actors.
- Consider defensive registrations by your own organization for any new or dropped domains that are seen as high value.
- Review necessary actions to be taken against the domains resolving to content that infringes on your brands.
- Consult your domain registrar and security team on the list of high-risk domains and review next steps accordingly.
Ultimately, Threads is still a relatively new app, and we’re bound to see changes in how organizations—and cybercriminals—leverage its features. Complete domain visibility and protection will help your organization mitigate potential risks and brand abuse while allowing your teams to explore new online frontiers securely.