Hands on laptop using social media showing social media scams

FTC: Social Media Scams Surging, Represent an Underlooked Cyber Crime Risk

New data released by the Federal Trade Commission (FTC) reveals that social media scams made up a quarter of all losses from online fraud in 2021, about double the amount from 2020 and an 18x increase since 2017.

Over 95,000 United States consumers lost money to social media scams in 2021. The most common type of scam involves online shopping, but the largest individual losses were caused by investment scams. Romance scams were also prominent in both quantity and financial damage caused to the victim.

Social media scams quietly becoming a popular form of cyber crime

Ransomware dominated the mainstream news cycles in 2021, and business email compromise also became a much more prominent threat in cybersecurity circles. But in terms of cyber crime that does not involve hacking, the FTC says that social media scams are now more profitable than any other method of reaching people.

These scams also buck the trend of disproportionately victimizing older demographics. The FTC data finds that the usually more resistant demographic of younger adults (age 18 to 39) is twice as likely to be victimized by social media scams as an older adult is.

In total, scammers stole $770 million via social media in 2021, up from $258 million in 2020 and just $42 million in 2017.

Social media scams begin with a post, ad or direct message on the platform, usually backed up by a fake persona either created from the ground up or purchased/stolen illicitly. The latter technique is popular as it saves scammers the trouble of accumulating “friends” and followers to give a more substantial appearance of legitimacy.

Investment scams are the single most profitable type, riding the tail of interest in nonprofessional “retail investing” generated during the pandemic period. Of all types of investment scams, more than half of victims say that the scam began on social media. The primary approach is to hype up an investment in something that does not actually exist, with money (usually cryptocurrency) having to be transferred directly to the scammer to get in on the opportunity. Investment social media scams sometimes involve the scammer befriending and earning the confidence of the target over some period of time before making the pitch for their money.

The second most lucrative of the social media scams also involves cozying up to a target over a period of time by establishing false intimacy. This is the “romance scam,” and victims say that it usually begins on Facebook or Instagram with a direct message rather than through a dating site. The scammer will flirt and establish trust for some period of time, baiting the victim into thinking a genuine intimate relationship is developing before asking them to send money (often under the pretext of some sudden personal crisis occurring).

Though investment and romance scams take in the most money, the most common attempt is the online shopping scam. This is usually no more than a false advertisement of something for sale, with the scammer taking the money and running when the victim pays for it. Fake online shopping ads represented just slightly less than half of all successful social media scams in 2021, and 70% of the victims say that they paid for an advertised good that was never shipped. This is another scam type that is most common on Facebook and Instagram, and some say that the scammers impersonate legitimate retailers and drive traffic to lookalike websites that are patterned after the real thing.

Advice for defending against social media scams

The FTC says that the first line of defense against social media scams is in user privacy settings, applied judiciously to limit the amount of attempts that can be made by strangers. Scam attempts are also more frequently coming through platform ad networks, which are not proving capable of screening them all out; opting out of targeted advertising is also advised (where possible).

The agency also advises a technique frequently used to defuse business email compromise attempts: when you receive a request for money, call or speak to the supposed sender directly to confirm it is a legitimate request. Online scammers are known to use hacked or lookalike accounts to appear to be a friend or family member.

Unfamiliar companies should also be searched before making a purchase; the FTC recommends simply entering the company name into Google and adding “+scam” or “+complaint” to the search to see what other customers may have had to say about them.

And while social media scams are more frequently targeting younger users at present, the AARP warns that scammers are still out looking to victimize seniors online. This seems to be particularly true with social media apps that are uniquely popular with users age 50 and older, such as Facebook. Social media scams that target older users often come in the form of fake quizzes, offers of government grants or corporate giveaways, or ads for “miracle cure” health aids.