How is social media used to commit fraud?

I don’t know what proportion of social media users would query why there’s a piece on social media on a blog about fraud and financial crime, but I suspect it’s high.

The fact is, social media has long been a favourite medium for cybercriminals to do their research and facilitate their crimes, whether financial fraud, identity theft … or both. And they’re becoming increasingly devious and convincing.

Here are some of the ways that financial crime committed via social media, and what can people do to safeguard themselves against it.

Piecing together information

Information that some users post or include in their profiles can represent a goldmine for criminals. The personal details requested by some platforms just when setting up an account – such as date of birth, address and mother’s maiden name – could all be used to steal a user’s identity. This goes hand-in-hand with the ubiquitous practice of using details like family, pets’ or football club names in passwords, because posting photos of the family dog or a day out at Manchester City provides big clues for the jigsaw puzzle.

And, of course, remember that Facebook has been constantly in the news for the way it uses and shares member data.

Research reveals that thankfully, our ‘Generation Z’ young people are being considerably more guarded about the information they reveal online. Many older users, however, despite warnings about oversharing, remain guilty as charged.

Our advice: Don’t overshare … personal should mean personal. If you really need to supply your birthday when registering for a social media account, use someone else’s. The same goes for your mother’s maiden name. Never post pics of your driving licence or passport; they’re an identity thief’s dream. Lock down your privacy settings, but remember there’s no guarantee that your information won’t be shared.

Holiday time

In a similar vein, social media is the modern burglar’s best friend and that includes the status and photos people share when they’re away on holiday, having left the house empty for a week or two. If your home is ransacked while you’re away, not only could insurance companies not settle claims if they find you’ve announced your absence on social media, but the burglar will have a field day with your bank statements and other confidential papers.

Our advice: however tempted you are to share your holiday good times online, think twice before you do.

Phishing

Phishing via email is still by far the most common initiator of online financial crime, but phishing by social media is getting up there too.

With billions of active users, it represents a rich vein of income for fraudsters. Innocent looking links in Tweets, Facebook posts or on photo or video sharing sites – or in direct messages – can be used to bait users into clicking through to websites which either invite them to enter confidential details or are laden with malware. There’s a multitude of risks, from being duped into revealing logins to having your device infected with any kind of malware – whether it’s ransomware, spyware, a key logger or a bot. All this, just from clicking on a link.

Our advice: don’t click on spurious links in posts, comments or DMs and avoid QR codes for the same reason.

Fake Twitter support accounts

Another commonplace scam involves criminals creating a convincing but fake Twitter customer service account with a handle similar to a bank or other financial services provider’s real one. They wait for customer help request tweets at the bank’s genuine handle, then hijack the conversation by responding with a fraudulent support link sent from a fake support page. The victim is directed to a convincing but fake login page designed to capture their confidential details.

Our advice: if you’re asked for login or other confidential information online, don’t supply it, but call the bank or other organisation concerned on the phone number you know to be correct.

Being befriended by a fraudster

Being deceived out of money to help out someone who says they’re desperate isn’t confined to online dating. Online friendships which begin on social media can grow very fast. Most are genuine, but some fraudsters take advantage of this and begin to ask for money to help them out of a desperate situation, with the amounts steadily growing.

Our advice: never send money or reveal bank account details to anybody you’ve met online, however convincing their story.

It’s scary, but only if the safety rules aren’t followed. At Get Safe Online, we applaud social media for its many positives.

Report fraud to Action Fraud at www.actionfraud.police.uk or on 0300 123 2040