Computerworld

​INSIGHT: Antisocial media? How fraudsters openly ply their trade online

Criminals tend to ply their trade by the cover of night. But even that is no longer the case in a social media-crazed world.

Criminals tend to ply their trade by the cover of night. But even that is no longer the case in a social media-crazed world.

Unfazed by the potential for getting caught and prosecuted, fraudsters openly associate on the internet using that most familiar platform of all - Facebook. The great irony is that the fraudsters have perverted social media, instead rendering it antisocial.

That’s the result of the first part of a research report titled ‘Hiding in Plain Sight’, from RSA, the security division of EMC.

It’s no surprise that for years, fraudsters have used social platforms to target users with phishing attacks, distribute malware, and conduct data mining of intended victims in an attempt to gather personal information.

However, what has now emerged is that social media is a communication and collaboration channel for criminals who make little or no effort to conceal their activities.

That’s a stark finding, as conventional thinking would (and did) assume that fraudsters conceal their activities using freely available tools on the ‘deep’ (or dark) web, using anonymous browsers like Tor (The Onion Router - which conceals the location and identity of the user).

Instead, cybercrime forums flourish on Facebook and WhatsApp with illicit activity happening in plain sight. Many of the groups are open, able to be viewed by anyone, while other ‘closed’ groups have only rudimentary requirements for joining.

That confirms a reality which has always confronted the victims of cybercrime and those law enforcement agencies which attempt to police it: the global nature of online crime makes it exceedingly difficult to hold offenders to account, with multiple jurisdictions, a web of sometimes contradictory laws and the difficulty of gathering and presenting evidence conspiring against successful prosecutions.

Key findings of the research include:

  • More than 500 fraud-dedicated social media groups were detected, with an estimated total of more than 220,000 members. More than 60 percent (approximately 133,000 members) were found on Facebook.
  • Most of the fraud-dedicated groups are public – visible and open to all.
  • The types of information openly shared media include ‘live’ financial information (credit card numbers with PII and authorisation codes), cybercrime tutorials, and commercial offerings such as malware and malware tools.
  • It’s not only Facebook - other language and community-specific platforms are also being used.
  • WhatsApp appears to be the newest fraud communication channel. Twitter is not preferred.
It isn’t difficult to see why social media is used by fraudsters - after all, its primary goal is to create communities. By promoting the exchange of information, social media encourages members to contribute to the community by its members.
Most social media also suggests new connections with other members of similar interests (social networking), and in this way, communities are created and can grow very rapidly.
It is these basic properties, combined with loose policies for verifying real identities of users, which have provided fertile ground for fraudsters.
A further surprise is just how long they’ve been at it: openly publicised fraud posts started showing up in social media as early as 2011. It was just so audacious that nobody expected it to be quite so plainly obvious. For a long time, this fraud activity remained largely unnoticed, to the point that some seminal fraud posts can still be found online to this day.
That’s now in the process of changing, as through this research, the lid is being blown on how fraudsters operate. If they will continue to operate in plain sight, where it is easy for them to make contacts and trade, or if they will go underground, remains to be seen.
By Richard Booth - Senior Fraud and Cybercrime Specialist, APJ, EMC