Over the last decade, social media platforms have grown to become an integral part of not just our daily private lives, but also our public lives. For credit card fraudsters, or carders, social media platforms provide the scalability, anonymity and reach necessary for them to peddle stolen goods in their virtual storefronts.
In our original study of this growing threat, much of the global cybercriminal activity occurred on Facebook, QQ, and Baidu. However, due to the global rise in popularity of multiple social media platforms, many fraudsters have expanded their activities to new platforms including WhatsApp, Telegram, Instagram, Snapchat and others.
Continued research also revealed new insights into how social media technology and the traditional criminal marketplace create a new kind of fraud market, including ideas about the medium itself and the humans setting up shop.
The power of modern social media and networking platforms to keep exclusive communities of like-minded people connected are being co-opted by fraudsters looking to take advantage of the anonymity, usefulness, and global reach of these applications to profit.
A Survey of Social Media Criminal Marketplaces
There are several reasons fraudsters, like legitimate users, are attracted to social media platforms as “control stations” for their social lives and even their businesses. The mass communicative properties of these networking programs bridge physical divides and distances to allow seamless sharing of ideas and information. On top of that, many platforms provide additional benefits to users looking to maintain an exclusive space for a specific purpose that remains unknown to those not trusted enough to be part of the circle:
- Built-in Anonymity. The use of representative screen names and subjective identity information such as a user profile, allows malicious actors their initial layer of confidentiality. Given the ready availability of webmail, and its nonexistent identity verification requirements, not only can malicious actors have one anonymous account, but they can – and often do – have dozens or more, ready to be activated.
- Exclusive, Invite-Only Structures. Explicit invite-only and group-management functionality inherent in nearly all social media platforms are valuable to fraudsters whose primary concern, even above making money, is to remain unknown to any who would foil their plans, or report them to authorities.
- Mobile Integration. Early social media platforms had to be optimized for mobile. Today’s apps are engineered to be viewed as hand-held dashboards of their users’ lives. Mobile-enabled social platforms allow real-time monitoring and access to all information on the network, from anywhere with cellular access or WIFI, enabling fraudsters to be nimbler than ever in making deals and dodging authorities.
Across the range of platforms, there are some interesting trends that may be useful in evaluating the current status of social media fraud marketplaces. For example:
- Extended Feature Sets. In the past, there was a clear distinction between instant messaging platforms and social media. However, during the last few years, those same platforms which have been used solely for the purpose of peer-to-peer communication, have evolved into something more and are used in the same way as social media.
- Multi-platform Models. All fraud groups in social media can be thought of as one uniform sphere, with fraudsters often advertising groups/contacts from one platform in another one, and alternating between two or more platforms even during conversations. Moreover, the content shared in the various social media groups is inherently similar, and mainly serves to increase the fraudster’s reputation and customer base.
- Criminals are users, too. While there are differences between the platforms and particular reasons to choose one over another, fraudsters generally behave like typical social media users: most try to be represented on as many platforms as possible to reach as wide an audience as possible, to maximize their marketing and market visibility.
Until the next round of law enforcement or corporate action to regulate malicious activity in these spaces, the criminal shadow will hang over social media in general, and most certainly in the case of social media fraud markets. Modern cyber thieves will continue to look for the most effective and efficient ways to cash out stolen financial and identity information while blending in with the billions of other users and accounts on their preferred platforms.
In the meantime, understanding the draw of social media in general can help us understand its attractiveness to the criminal element, and in turn, it informs our efforts to combat misuse and to justify our continued financial and social investment in these new information technologies. Social media is an enabler for business, but it also presents a growing digital risk to consumer-facing organizations. Keeping track of and reporting on the adoption and utilization of these platforms by fraudsters is imperative to keep all interested parties—including the public at-risk—aware of this very real problem.
# # #
Get the full details on the social media platforms facing this fast developing digital threat and the types of cybercriminal activity occurring on them in our new report, “The Social Media Fraud Revolution.”
*** This is a Security Bloggers Network syndicated blog from RSA Blog authored by Heidi Bleau. Read the original post at: http://www.rsa.com/en-us/blog/2018-04/dark-web-goes-social.html