Social media makes it easy for everyone to connect with friends and family, and it has also fueled business growth by making it easier to target audiences with specific interests.
But, what happens when criminals take advantage of these social platforms for malicious purposes?
Social Media Cybercrime a $3 Billion Business
The rise of social networking has created an atmosphere for increased cybercrime.
A new report from Bromium, which was researched and written by Dr. Mike McGuire, Senior Lecturer in Criminology at the University of Surrey, has revealed that social media-enabled cybercrime is generating at least 3.2 billion dollars per year in global revenue.
Reports of cybercrime involving social media grew by more than 30,000% between 2015 and 2017 in the US, and social media-enabled crime quadrupled between 2013 and 2018 in the UK, according to the Bromium analysis.
In addition, according to the report, these platforms have become a major source of malware distribution. The research found that up to 40 percent of malware infections on social media comes from malvertising, and at least 30 percent come from plug-ins and apps; many of which lure users in by offering additional functionality or deals.
How does it work? “While a post on Facebook or Instagram may look like it’s promoting Ray-Ban sunglasses or Nike shoes, they could be more sinister and deliver malware once clicked. Cybercriminals embed malware into posts or friend’s updates and use photo tag notifications to persuade users to open infected attachments,” explained Dr. McGuire.
Once the user clicks, the malware executes, allowing hackers to steal data, install keyloggers, deliver ransomware, persist and hide for future attacks and so on.
In 2018 the verified twitter account of one of the major retailers in the U.S. was hacked. A series of tweets were published endorsing a bitcoin giveaway scam, announcing a giveaway of 5,000 bitcoins to Targets’ followers
As stated by Twitter, this was part of a series of cryptocurrency-related hacking on the platform originating from a third-party software provider.
This wasn’t an isolated event, either. The scammers started by making fake accounts impersonating Elon Musk, an act that is against Twitter’s Terms of Service. The accounts would post scammy links under Musk’s tweets that asked users to send a small amount of bitcoin in order to receive a larger amount.
This is a confusing enough tactic that, according to TechCrunch, has been a profitable endeavor, making the hackers over $37,000 in cryptocurrency in just a few hours.
Alexandre Martinez was a victim of identity theft: His name, photographs, and personal information were used to create a multitude of fake social media accounts.
This continued for over five years when a Bulgarian man named Spas Vasilev was jailed for using the fabricated identity (Alexander Nikolov) to scam people.
Not long after that, the fake Facebook profile was taken over by Bulgarian authorities, who announced it by putting a logo on the profile picture and a banner on the cover image. It read: “This profile has been taken over by the Division for Organized Crime for its criminal use, in accordance with the Criminal Code of the Republic of Bulgaria.”
How did Vasilev scam his audience? Under the pretense of being a rich and successful manager with connections in various airlines, he allegedly began offering discounted flights to dozens of people through Facebook. Many people trusted him, and even secured flights.
But, amazingly, online identity theft is reportedly not a crime in Bulgaria; one of the prosecutors working on Vasilev’s case, Ivaylo Petrov, said the focus was solely on traceable financial dealings that Vasilev had while pretending to be Alexander Nikolov.