Social Media Sites 'it Easy' for Scammers to Trade Stolen Information

An investigation by Which? has found that fraudsters and scammers are operating openly on social media sites, and the consumer rights group has criticised Facebook and Twitter for failing to crack down on the issue.

Carried out before the COVID-19 lockdown, the investigation found 50 profiles, pages and various groups on Twitter, Facebook and its sister platform, Instagram, were selling stolen credit card information.

Account information for platforms such as Netflix and Uber Eats were also being offered by scammers, the investigation found.

In particular, one Facebook post identified by investigators revealed sensitive personal information belonging to an individual in Yorkshire.

Details belonging to the man included his full name, date of birth, address, mobile phone number and private banking details, such as account numbers and sort codes.

Concerningly, Which? claimed the post had been live for several months, and when reported to Facebook, the social media firm would not take it down as it fell within the company’s community standards.

The post was removed only once a review of Facebook’s decision had been made. Despite this, the hacker group it was posted on remained live.

“While Facebook also removed a few other isolated posts that Which? reported, when a researcher checked six days later, it had allowed every page and group to remain,” the consumer rights group revealed.

Similarly, during its investigation of Instagram, Which? found users sharing price lists for how much it would cost to acquire an identity. Additionally, ‘fraud bibles’ were also being offered through the social media site. These guides provide tips and advice to amateur hackers and fraudsters.

Responding to the investigation, Facebook said in a statement: “Fraudulent activity is not tolerated on our platforms, and we have removed the groups and profiles flagged to us by Which?

“We continue to invest in people and technology to identify and remove fraudulent content, and we urge people to report any suspicious content to us so we can take action.”

On Twitter, investigators found scammers offering credit card details of an individual with a “£13,000 plus” balance for just £100. Alternatively, prospective ‘customers’ could purchase three sets of card details for a fee of around £200.

Fake passports were also being offered for up to £3,000. With these, researchers warned, a person could potentially use as proof of ID to open credit cards or bank accounts.

“Twitter’s algorithm also made it all too easy to find criminal ID sellers,” Which? said. “After searching for and viewing such accounts, the site suggested following ones offering similar services through its “who to follow” section.”

Recommended

• Firms brace for Covid-19 impact despite 2019 tech sector growth
• ‘Scottish Tech Army’ calls on digital experts to combat Covid-19 pandemic
• Surge in scammers using reCaptcha walls to increase phishing attacks

Twitter said it is “against our rules to use scam tactics [on Twitter] to obtain money or private financial information.

“Where we identify violations of our rules, we take robust enforcement action. We’re constantly adapting to bad actors’ evolving methods, and will continue to iterate and improve upon our policies as the industry evolves,” the social media firm added.

Jenny Ross, Money Editor at Which? insisted that social media companies take a stronger stance on fraudulent activity and work closely with law enforcement to address the issue.

“It’s astonishing that social media sites make it so easy for criminals to trade people’s personal and financial information, particularly as fraud is such a prevalent crime that can have devastating consequences,” she said.

“Social media firms must take much stronger action to prevent their sites becoming a safe haven for scammers, and should work with the financial industry and police to address serious flaws with their platforms.”

Ross Kelly

Staff Writer