More than three years after RSA fraud analysts first reported on cybercriminals operating openly on social media, this alarming trend is receiving renewed attention. Just this month, NBC News and other major media outlets shared the discovery of dozens of Facebook groups where fraudsters were openly doing business.
For the RSA FraudAction research team, the trading and selling of stolen credit card information and account credentials on social media is a familiar phenomenon. The team released an in-depth study of this form of digital risk back in 2016; today, it continues to identify and track the evolution and growth of cybercrime's social media presence. Here are some highlights of their work to date.
Cybercrime on Social Media: It's not just for Facebook Anymore
The first RSA report on cybercrime in social media, released in early 2016, tracked more than 500 fraud-dedicated social media groups around the world, with an estimated total of more than 220,000 members investigated for the report.More than 60%, or approximately 133,000 members, were found on Facebook alone. In continuing to study the trend, RSA reported the total number of members in these groups increased 70% in only six months.
Since then, social media has matured as a channel for digital communication, and now includes a multitude of platforms that cybercriminals find very useful. By 2019, their activities spread to others including Instagram, Snapchat, WhatsApp and, most recently, Telegram – a messaging app with a bot feature that has proven especially appealing to cybercriminals.
As reported, Telegram bots enable cybercriminals to automate fraud activities, making it possible to go far beyond using social media to organize their communities and share information. Some bots offer automated tools for fraud activities; others provide actual fraud services via online stores. Wall Street Store Bot, for example, is a credit card store where fraudsters can buy and sell cards, get information about account balances and purchase histories, and add funds to a Bitcoin wallet. There's even a customer support channel.
A Growing Phenomenon: Social Media Attacks Up 43 Percent in 2018
At the end of last year, RSA fraud analysts reported a 43 percent increase in social media attacks they detected, compared with an increase of only 12 percent in phishing attacks. While both attack vectors grew, social media grew at a much faster rate. It's a trend that seems likely to continue, considering the payoff. For little to no investment in technology, cybercriminals can rake in billions by exploiting social media. A six-month global study of social media cybercrime conducted last year showed annual earnings of nearly $3.25 billion for cybercriminals operating on popular social platforms.
In this time of digital transformation, more and more organizations are finding ways to benefit from a digital presence that includes social as well as mobile and other digital channels. Crime organizations are no exception with the move onto social media platforms becoming part of their own digital transformation. And while buying and selling credit card numbers, account credentials and other information online isn't new, it's always been mostly relegated to the dark web – until now. The anonymity, low cost and ease of operating on social platforms has made social media an increasingly attractive place to do business and has emboldened criminals to do more business there, more openly. It's been clear to RSA for a long time that there's every reason to expect that activity will only continue to grow.
# # #
Learn more about the digital transformation of cybercrime, including its growing presence on social media, in the 2019 Current State of Cybercrime report from RSA.
Join the #TalkingDigitalRisk conversation on Twitter and social media by following @RSAsecurity