This new generation of scammer is hiding in plain sight on your socials
Forget the dark web, social media offers an easy way to disseminate information to a large number of people in a short period of time with relatively low risk of getting caught.
If you’ve been seeing more social media content promoting fraud and scams, you’re not alone. Nearly one in four consumers in a recent survey have seen offers to participate in account-takeover schemes online.
This is because there’s a new category of influencer: fraudsters who teach and sell fraud “methods” on social media. These methods are how-tos on anything from credit card abuse and account takeovers to food delivery and travel loyalty point scams, signaling a dark shift in the world of fraud.
For the past three years, I’ve explored scams targeting a range of industries, including retail, financial services, and travel. I’ve assisted large restaurants and food delivery services dealing with account takeovers through deceptive meal discount offers and helped global retailers mitigate the misuse of stolen low-limit credit cards for purchasing high-value goods in “buy now, pay later” schemes.
A deep dive into social media sites like TikTok and Instagram, as well as messaging apps like Telegram, reveals that what was once part of the dark underbelly of the internet is now operating in broad daylight, with potentially disastrous effects for consumers and businesses alike.
THE INNER WORKINGS OF “FRAUD INFLUENCERS”
The trend of the fraud influencer goes beyond using a fake account to defraud individuals, à la the Tinder Swindler. Fraud influencers are actively advertising and selling tactics, making it possible for anyone with an account to become a bad actor online.
The model can be compared to the social media “coach,” who shows off their own success on social media as a means of recruiting others to coach on becoming a successful leader or influencer. Fraudsters are replicating this playbook to attract potential scammers, and in both instances, boasting about the lavish lifestyle achieved through the tactics employed is core to the strategy.
Fraudsters will highlight their gains from running a “method” and share teasers of specific methods to recruit new bad actors and drive them to encrypted platforms like Telegram. Once directed to these less public forums, they operate groups in which individuals can purchase a range of materials to support fraudulent activity—including “fraud bibles” (a collection of instructions for committing fraud), accounts for sale, credit cards with personally identifiable information, etc.
Take, for instance, an individual I discovered on TikTok. This “influencer” has had an active profile redirecting to their Telegram since at least March 2022. At various points they’ve sold OTP (one-time passcode) bots, methods to obtain free food and electronics, and promised a yearly income of $100,000 via refund fraud. They now focus solely on selling a method to trick victims into sending them Bitcoin. Bad actors like this who encourage thousands of individuals to participate in their scams can have a dramatic impact on the bottom line of a credit card company, online store, or cryptocurrency platform.
Unlike traditional influencers who seek a high follower count, these scammers aim to evade moderators and platform scrutiny, so most have only a few hundred or a few thousand followers. Their main objective is to direct traffic to Telegram, so they instead work to be searchable, get views across various accounts, and move from one account to another as their activities are flagged.
Here, consider another account that doesn’t use TikTok to direct potential customers to buy tools or stolen info but rather to recruit new fraudsters to work directly for them. When their team is full and hiring pauses, they share free samples of stolen credit card numbers to keep their audience engaged on Telegram.
This reflects a larger trend: Bad actors are no longer working in the shadows of the dark web; they’re operating in broad daylight. And fraud isn’t just one bad actor targeting victims on an individual basis. This is the rise of fraud-as-a-service.
‘FRAUD-AS-A-SERVICE’ REQUIRES BUSINESSES TO STAY ONE STEP AHEAD
The shift of fraudulent activity to social media underscores the fact that there’s simply less reason to use the dark web anymore. Social media offers an easy way to disseminate information to a large number of people in a short period of time with relatively low risk of getting caught.
The rise in fraud influencer content is indicative of a greater trend we’re witnessing: the democratization of fraud. Platforms like TikTok, Instagram, and Telegram are lowering the barrier to entry to commit fraud by making it easier for anyone to purchase scam “methods” for a relatively small fee. The fraud-as-a-service business model has proven to be very profitable, and social media platforms are incredible marketing tools for luring in the next generation of fraudster.
Fraud-as-a-service (FaaS) means companies need to be more vigilant about proactively maintaining security systems. Because bad actors can sell their tactics to others, they are more incentivized to find vulnerabilities in a system. And these vulnerabilities are costly—businesses lose 5% of their revenue each year to fraud.
The companies best equipped to deal with FaaS are the ones that have systems in place to identify and understand new threats as they come about. This is a crucial first step in any strategy for combating fraud. If a business doesn’t understand what’s happening in both public and private fraud networks, it’ll be impossible to mitigate potential risks.
Industry collaboration is also key. Rather than keeping information in a silo, businesses should join merchant forums and data consortiums that share information and threats with one another. In today’s new world, where FaaS means new threats can take over quickly, industries should work together and learn from one another to prevent the same thing from happening twice.
The latest Federal Trade Commission data book says people reported losing $8.8 billion to scams in 2022. FaaS is unique because it makes the end goal much simpler, giving bad actors one degree of separation from the dirty work of committing fraud.
Content moderation helps mitigate some threats, but it’s a challenge to combat FaaS at scale, and in real time. Fraudsters are running their businesses across multiple platforms, so no one platform has visibility into the full operation. And while consumers have an obligation to resist the lure of easily accessible fraud tools, ultimately the onus is on the companies being exploited in fraud schemes to better detect and prevent fraudulent activity and protect their customers.