Securing the Digital World

Cybercrime in Social Media Grows 70% in Six Months

Dec 06, 2016 | by Heidi Bleau |

These days, all you need to do is type "botnet," "hacking," "DDoS," "CVV2," or any other cybercrime-related term into the search bar on most social media platforms, and you will find a plethora of fraud activity occurring in plain sight. As reported earlier this year by RSA, social media has become a breeding ground for cybercrime-related activity, attracting fraudsters from around the world who take advantage of these platforms because they are free, easy-to-use, and offer a global reach.

According to our research, fraud posts began showing up in social media as early as 2011, when stolen credit cards and e-commerce accounts began being published openly on social media platforms. Initially residing in the hidden cracks and corners of social media, the level of fraud activity rapidly rose to flood the network with fraud offerings. And now, the vast majority of fraudsters operate largely in the open, and many even sell and trade stolen credit card data and hacking kits from their own personal profiles. There is a parallel world of fraud that is hiding in plain sight, existing side-by-side with the rest of us.

The Results: Then and Now

Some of the key findings of our original report included:

  • More than 500 fraud-dedicated social media groups around the world were studied, with an estimated total of more than 220,000 members investigated for this report. More than 60%, or approximately 133,000 members, were found on Facebook alone.
  • Many of the fraud-dedicated social groups are very public - visible and open to all.
  • During the period of this study, we detected the contents of over 15,000 compromised credit cards (called "CVV2 freebies" in fraudster lingo) that were published on social media networks.

So, what exactly are the bad guys selling and trading on social media? Carding, cashout, and the sale of stolen credentials are some of the predominant topics discussed within these groups. The following chart shows the most popular discussions and fraud groups by topic:

Hiding in plain sight

Fast forward six months, and what have we found? This is a rapidly growing problem that is hardly going away. In fact, it appears to be getting worse. The average number of users in the fraud-related groups tracked by RSA has grown substantially, from an average 1,909 members, to more than 3,217 members. Additionally, our most recent figures report the total number of members in these groups has increased 70%, from 179,447 to 305,677 individuals.

The geographic hot spots for fraud on social media channels continue to be located within Brazil, Russia, China, India and Southeast Asia, Latin America and Nigeria, all of which have been profiled in previous reports.

The Takeaways

The question we have received most often from when we initially reported on this activity earlier this year is: What are the social media platforms doing to combat this growing threat? From what RSA has observed, social media platforms are taking proactive steps to take down posts, profiles and groups engaged in these illicit activities, but they have not been effective at keeping up with the pace of this activity. Whenever one disappears, two more pop up.

The bottom line: Cybercriminals are operating in the clear, without significant worry or concern. Beyond brand and reputation tracking, social media has become a source of cyber-intelligence - one that many organizations have probably not paid much attention to in the past, but should actively take notice of now.

For more information, please contact our team at

For up to date information on this and other cybercrime threats, visit the RSA Link community or follow us @RSAFraud.