Cybercriminals’ candid love affair with social media

With the pervasiveness of social media today, it is proving to be just as attractive for cybercriminals from all over the world to get together and ply their trade – and they do so without any attempt to conceal their online activity.

That’s emerged with the release of a new research paper, ‘Hiding in Plain Sight: The Growth of Cybercrime in Social Media’, RSA the security division of EMC, which blows the lid on the growing use of social media as a communication channel for fraudsters. 

“Social media is many different things to people all over the world, ranging from a source of comfort, entertainment and engagement, to a time waster or annoyance. This paper now demonstrates that it is also a tool for cybercriminals to collaborate, develop their skills and even exchange valuable stolen information, including credit card details,” says Richard Booth, Senior Fraud and Cybercrime Specialist, at RSA APJ.

He explains that the study set out to research the structure, format, and entry requirements for joining global cybercrime groups across the most popular social media platforms and details exponential growth in the volume of visible fraudulent activity on social networking platforms.

The global popularity of Facebook extends to fraudsters: it is their preferred social media network, while WhatsApp is rapidly rising in popularity.

But most surprising, notes Booth, is that there is little effort to conceal fraudulent activity – hence the title of the report. “Just like legitimate sports clubs and special interest groups form Facebook groups, so too do cybercriminals. And just like legitimate clubs are easy to find, so too are those of fraudsters. They are operating in plain sight.”

Instead of adjusting privacy settings to ‘secret’ in an attempt to operate stealthily, the report found that most groups operate under ‘public’ or ‘closed’. “Even in the closed groups, a simple join request is all that is required to gain access without the vouching process or references typically needed to join fraud forums in the ‘deep web’,” notes Booth.

The illegal activities carried out on these groups include ‘carding’ (in 53 percent of posts), such as the buying and selling of stolen credit card details, buying and selling carded items, carding tutorials as a service, buying/selling/exchanging carding methods, and carding bragging and sharing live credit card data as ‘freebies’. 

 

• More than 500 fraud-dedicated social media groups around the world were studied, with an estimated total of more than 220,000 members. More than 60 per cent, or approximately 133,000 members, were found on Facebook alone.

• Most of the fraud–dedicated groups are public – visible and open to all.

• The types of information openly shared in social media include live compromised financial information such as credit card numbers with PII and authorisation codes, cybercrime tutorials, malware and hacking tools, and cashout and muling services.

• WhatsApp appears to be the newest fraud communication channel. Twitter, despite its worldwide popularity and proliferation, is not preferred as a fraud communication channel.

• During the period of this study, over 15,000 compromised credit cards were detected (called ‘CVV2 freebies’ in fraudster lingo) and publicised on social media networks.

 

This research focused on the regions including Brazil, India and Southeast Asia, Latin America, West Africa, France and other French-speaking regions. 

The full report can be downloaded here.