Fraud is one of the major challenges posed by the digital revolution and a new white paper by RSA Security suggests that social media is the perfect place for it to thrive.
The U.S. information security company (which is part of the Dell family) released their annual “Current State of Cybercrime Report” for 2019, alerting readers to the growing trend of cybercriminals relying on social media platforms to commit fraud as well as securely communicate with each other about coordinating and automating their attacks.
Social media fraud is on the rise
According to RSA, social media fraud attacks have increased by 43% over the last year alone and cybercriminals are constantly finding new ways to exploit these platforms.
Because it is free, easy to use, accessible throughout much of the world, and doesn’t require identity authentication, social media offers fraudsters a way to appear legitimate, hide behind anonymity, and provides them a low-cost way to reach potential victims. Cybercriminals are also using Facebook, Instagram, WhatsApp, and other legitimate platforms to communicate with each other and sell stolen identities, credit card and social security numbers, and other hacked data. The encryption offered by these apps allows them to exploit privacy protections so law enforcement can’t identify them or track them down.
The role of mobile fraud
Another important set of statistics provided by RSA relate to mobile technology. While mobile apps are a much broader category than social media, there is some overlap, especially when it comes to financial transaction apps. Apps that allow for cash transfer or payment are susceptible to hacking and credit card fraud, in which stolen cards are uploaded to accounts to send money to accomplices. Facebook currently allows most users to send money through the Messenger app (although TechCrunch recently reported that this would be shut down in the U.K. and France) and Snapchat did as well until they were bested by Venmo and Zelle.
Venmo, in particular, has had a problem with fraud. According to the Wall Street Journal, the PayPal-owned company recorded an operating loss 40% higher than expected in 2018 (for a total of $40 million), which they largely chalked up to fraud. When these kinds of unexpected losses hit a company, it doesn’t only cause customers trouble but can force companies to recalculate earnings estimates which impacts stocks.
RSA found a 680% increase in fraudulent transactions from mobile apps between 2015 and 2018 and notes that 70% of fraudulent transactions originated in the mobile channel in 2018.
Social media users at higher risk, but you can protect yourself
Social media users face higher risks of fraud. Javelin Strategy and Research found account takeovers (in which fraudsters gain access to an account and change contact and security information to lock users out) increased 61% between 2015 and 2017 alone, totaling 1.4 million incidents and $2 billion in losses. They also found that people who are active on Facebook, Instagram, and Snapchat are 30% more likely to be victims of fraud due to increased exposure and information sharing.
What consumers need to be most aware of is the ease with which increasingly savvy cybercriminals can gain access to accounts and steal identities. Keeping your information safe by using password managers, staying aware of hacks that have exposed your information, regularly checking bank and credit card statements for fraudulent charges and reporting them, and limiting friends lists to people you know and trust is a good start. To avoid phishing and smishing (or SMS phishing) attacks, it’s a good idea to bookmark the URLs of websites used to access banking and other private data and only log in through those pages rather than following links sent in e-mails and text messages.
It’s important to note that just because there are over 2 billion people using an app like Facebook doesn’t mean it’s safe and trustworthy.Social media sites need to generate revenue to exist and this can often come at the expense of strict security standards. Targeted advertising works best when it collects personal data from users, so platforms are built to encourage you to share as much information as possible. Even seemingly benign information such as middle names, birth dates, home towns, graduation dates, and hobbies can be used to defraud customers and reconstruct passwords or recovery question data.
Security poses new risks
Users should expect some inconvenience as new protections are put in place. Multi-factor authentication, for example, can be a pain and takes more time when accessing accounts, but puts an extra layer of protection between consumers and criminals.
While behavioral analytics have raised questions about surveillance and privacy, RSA says they are increasingly used to prevent fraud by checking the behavior of fraudsters against those of known users. Of course, it remains to be seen whether the privacy trade-off is worth it.
Cross-channel integrations that consolidate consumer information (allowing you to access multiple accounts from one platform – connecting Facebook to store accounts or other apps, for example) are also in need of a security overhaul.
While it’s best not to link accounts, companies have been hesitant to remove this linking feature, instead building authentication hubs to verify user data. Consolidating legitimate information, including biometrics, about users can help identify fraudulent users, but it’s important to note that building this kind of database poses its own risk to privacy and raises myriad other ethical issues. And let’s remember the declarations by dozens of security companies that cybercriminals have been able to keep pace with these new security developments; exploiting authentication hubs would be disastrous for privacy.
We’ve long known that a lack of consumer knowledge and lax attitudes about privacy helps facilitate fraud. Insecure passwords allow fraudsters to access a treasure trove of information and long-forgotten accounts provide excellent covers for anyone who can either break in or reset accounts that weren’t properly secured with backup e-mails or phone numbers.
As with most complex problems of the modern world, there’s no easy way to address these issues. Billions of people have had their private information leaked, hacked, posted, and sold on the web, regardless of whether or not they were on social media. But the seeming inevitability of having private data stolen shouldn’t make us complacent when it comes to using social media platforms. Freely giving out information will only exacerbate the problem and being aware of the dangers is an integral first step to taking control of the information you can protect.