Why Fraud on Social Media Will Never Be Stopped

Social media companies profit from fraudsters and they will never take them down unless someone makes them

Fraud investigators know that the majority of fraud cases come from social media. The Federal Trade Commission reported that victims lost $1,228M on social media in the U.S. in 2022, and $658M in the first two quarters of 2023. This is the highest loss compared to all other methods of contact. I worked for Meta so I know that fraud prevention and detection exist and can work on social media. But looking at the sheer number of losses, it doesn’t seem to be enough.

In addition to investigating fraud on Meta and Instagram, I was lucky to work for a fintech company and I found interesting differences in how investigations were handled in both industries. Bad users are still users for social media companies and the latter care a lot about metrics, daily users, and user base growth. Removing all fraudsters and bots used in facilitating fraud will decimate the numbers. There is an estimation that Twitter has 15% bots and they removed 70 million fakes in 2018 with 330 million active users, Facebook deleted 6.5 billion bots while reporting 3.5 billion active users in 2021.

When a social media company encounters a fraudster they can disable the account, and any assets that belong to a bad guy. In a good scenario, there will be a cease-and-desist letter. In extremely rare and unusual cases, litigation might happen. Fraud usually is not reported to law enforcement by social media companies, and when users try to do so, they get no response (proven by my personal experience and many people around me).

But when fraud happens in a fintech company the response is always more serious. Like any financial institution or a money service business, fintech companies have an obligation to report suspicious activities to many government oversight organizations. They also have a more significant responsibility to their users considering that people expect fraud protection and demand actions from banks. The bot problem is still significant in fintech, especially in companies that deal with individual customers. I remember removing thousands of bots a day, that were directly responsible for fraud. Most of them used money layering techniques that were more common in money laundering than in garden variety scams.

Zelle is a notable exception with no one being liable for fraud losses because banks only cover transfers that are unauthorized, which, for example, can happen in account takeovers. When victims transfer money to a fraudster, they technically “authorize” the payment that instantly excludes them from any protection. Major U.S. banks are discussing the possibility of a refund of funds that were used in scams after pressure from the government. The UK banks will be implementing a similar reimbursement system in 2024.

Social media companies will not take down fraud because they profit from user activity. Government pressure seems to be the only way for corporate companies to start treating users’ losses to fraud seriously. The FTC issued a request in March for the eight biggest social media to provide information about fraud prevention in ads that they deliver.

The UK Lloyds Banking Groups called Meta to take responsibility for the fraud that originated on Facebook, Instagram, and WhatsApp. Their research, based on 25 million retail customers, showed that 68% of purchase scams started on Meta’s platforms, with someone in the UK falling victim to a scam every seven minutes. By the time a scam reaches a bank, it’s getting harder to identify suspicious patterns. Successful fraud prevention has to start on social media websites.

Interesting Reads This Week:

• Over $200 billion in pandemic business loans appear to be fraudulent, a watchdog says
• Man who targeted public figures in a hacking scheme sentenced in SF
• 13 Bizarre Email And Direct Message Scams To Watch Out For

Find more about fraud and investigations in the Investigator Blog