This blog is part of our International Fraud Awareness Week series for 2021 – learn more here.

If you think the only people who get defrauded via social media scams are the elderly, then you’re probably a good target.

Fraudsters know how to spot that kind of hubris, and they love it when targets get complacent and let their guards down. It saves them the effort.

Here’s a figure to help put that assertion in perspective: in the UK, over the first half of 2021, people lost £355 million to authorized push payment fraud. That’s when a scammer gains the trust of someone — an Instagram cosplayer, a dating app user, an accounts payable representative, whomever — and eventually convinces the victim to send them money.

Fraud doesn’t get done at the scale of £355 million in six months without social media. What’s more, each social channel is ripe for a specific type of scam:

  • Investment scammers can direct message new users on the /r/bitcoin or /r/wallstreetbets subreddits.
  • Romance scammers can spend weeks building up trust with people on dating apps until they finally drop the line, “If you really want to see me, then send me money for a plane ticket.”
  • Money launderers can make mules of LinkedIn users — who can list themselves as #OpenToWork — with offers of remote work.

In this article, PJ Rohall from Featurespace’s team of fraud Subject Matter Experts explores how scammers identify targets on social media and take advantage of those victims’ emotional and psychological vulnerabilities.

All human beings are vulnerable

We all have emotional and psychological vulnerabilities. That’s just a part of being human. In the last two years, some of those vulnerabilities have come into sharp focus:

  • People have felt lonely and isolated during quarantines and lockdowns.
  • People have felt anxious about their health and the health of loved ones.
  • People have felt worried about their financial security.
  • People have felt as if they’ve missed out on social opportunities (“They’re already having festivals in Belgium!”) and financial opportunities (“SHIBA INU coin is up 93% this week!”).

Scammers play on all of those fears. That’s how scams have always worked.

What’s different now is social media allows scammers to figure out the fears people have. We leave enough clues on social media that an interested scammer can build a profile of us and our activities. All the scammer has to do is lay the trap.

So, when you see a story of a high school teacher being defrauded of £9,000 in a bitcoin scam, don’t focus on the how aspect of the scam. The much more revealing question is “Why?”:

  • Perhaps it’s because teachers have felt especially vulnerable during the pandemic.
  • Perhaps it’s because teachers are seeing stories every day about how veteran investors and even kids their own students’ age are getting rich off of crypto. They’re experiencing that fear of missing out.
  • Perhaps it’s because social media constantly reinforces those narratives. When anyone hears a story enough, it starts to sound like a fact — even when our better judgement would tell us that Elon Musk is probably not giving away $750 million.

How social media gives scammers extra leverage

The very nature of social media networks allows scams to thrive. With so many platforms and so many people always online, opportunities abound 24/7.

Scammers can scale their attacks, too. Someone running a romance scam on Tinder can have 100 conversations going in that app. A phone scam, by contrast, limits the scammer to one conversation at a time.

Further, social media is not as heavily regulated as, say, a bank. That’s both a problem of scale and a problem of will. The Facebook Papers recently revealed how unsuccessful that platform has been in stamping out hate speech, especially among non-English speaking users. If money launderers are recruiting money mules in Farsi, what’s their actual risk of detection?

And here’s the coup de grâce: A significant and growing body of research suggests social media has a negative impact on our mental, emotional, and physical wellbeing. These networks reinforce the very vulnerabilities that make us so susceptible to scams in the first place.

How can banks combat this kind of fraud?

In November 2019, professional fraud expert Coby Montoya wrote a guest post on About-Fraud detailing his own experience with getting scammed by someone who had spoofed his bank’s phone number as well as an email alert.

What’s interesting about Coby’s story is how his level of suspicion went up and down throughout the scam. He clocked some red flags but missed others. In the end, the fraudster was successful despite Coby’s own awareness that something was wrong.

The lesson: Responsibility for fraud and scams prevention cannot fall squarely on the banking customer. Customers have a certain level of responsibility when handling their money and data, but clearly vulnerabilities still exist.

Social media companies should be doing more to stop their platforms from being exploited by scammers and some of the responsibility should fall on them, unfortunately they are not doing enough yet. Absent massive legislative change, social media companies cannot be relied upon to combat financial fraud.

Ideally it will take individuals, groups, industries all to play a role to curb scams, but right now that leaves the financial institutions to bear the burden of what results from these scams. It’s because of this dynamic that we built ARIC™ Risk Hub, which studies and learns how to model which behaviors are genuine and which are not. With those insights, we can help banks identify things like money-mule transactions or potentially fraudulent authorized push payments.

Find out more on how to prevent authorized push payment (APP) scams here.