Social networks provide rich opportunities for making new friends, sharing interests with others and even finding romance. Popular networks such as Twitter and Facebook facilitate interactions between hundreds of millions of users. They play an increasingly important role in shaping the way we socialize, but many do not realize that there are real and present dangers around them.

Social media sites generate revenue from targeted advertising that is personalized for each user based on geolocation, demographics, interests and more. As such, social networks encourage users to share as much information as possible. Because of this, users happily post information about the places they visit, the people they hang out with and other personal information. They also use various applications and social games to further their information sharing.

The more active the user is, the more value he or she adds to the social network and its advertisers. Since social networks want users to share more information, they make it difficult for users to set their privacy settings (which limit information sharing). As a result, most users do not take the time to optimize their privacy settings and leave the default settings on, ignoring the hazards that come with sharing private information online; they fail to realize that their personal information quickly becomes available not just to their friends and family, but also to fraudsters who abuse the information for malicious purposes. It’s easy to forget that the information we share and the trust we build with our network is exactly what cybercriminals are after.

Constantly in search of new ways to make money, cybercriminals have found ways to monetize data available on social networks. These methods take advantage of personal information shared by users, compromised social media accounts and abuse of user trust relationships. Here is a closer look at the ways cybercriminals monetize information obtained from these networks.

Exploiting Personally Identifiable Information Harvested From Social Networks

There is an enormous amount of personal information available on social networks. On the user profile pages alone, information about the user’s date of birth, relationship status, location, schools attended and place of work is often displayed. By further researching connections and posts, it is easy to figure out family relationships, friend circles, main interests, hobbies and much more.

Cybercriminals are harvesting this information in order to obtain answers to security questions used to verify the user’s identity when attempting to log in to sensitive services such as online banking sites. With a bit of research, a fraudster can find out someone’s mother’s maiden name, the name of their favorite pet and their childhood nickname. The fraudster will then use this information to pass security questions, impersonate the victim, gain access to the victim’s banking and e-commerce accounts and execute fraudulent actions.

This type of personally identifiable information (PII) harvesting doesn’t require any sophistication or special tools on the fraudster’s part. However, today’s developed and mature underground provides fraudsters with plenty of methods and tools that can be used to automate the task. Furthermore, fraudsters can easily find suppliers that facilitate PII harvesting and sell complete user profiles. As e-commerce and other paid online services harden their security procedures, cybercrime vendors who specialize in harvesting PII are highly sought-after in the fraudster underground. There is a complete industry that revolves around trading private information.

The screenshot below shows an example of an underground vendor offering a free sample of the harvested data available for purchase, including the person’s credit card information, Social Security number and PayPal password.

Figure 1: A sample of personal information available for sale on the underground.

Obtaining Social Network Payment Settings

Another way cybercriminals and fraudsters can monetize information available on social networks is by targeting payment information that may be stored on user profiles. To monetize the payment information, fraudsters use compromised account login credentials that can be obtained through common phishing or malware attacks, and malicious social applications.

Payment settings on these networks allow users to initiate in-app purchases directly from social media applications and games. For example, a user may be interested in purchasing extra moves in a game or purchasing accessories for an avatar. Payment settings are also needed to purchase social network advertising. Advertisers are fans of social networks because these networks enable them to target a relevant audience based on geolocation, demographics and more.

Figure 2: Facebook payment settings.

Figure 3: An example of an in-app purchase.

Knowing that payment settings are enabled for many user accounts, fraudsters are constantly in search of social media account credentials. Compromised user credentials allow the fraudster to gain full control over the victim’s social media account. Once the fraudster has control over the account, a malicious application can be installed. Such an application will forcefully create in-app purchases directing money to the fraudster’s account.

However, fraudsters aren’t limited to compromised accounts. They can also spread such malicious applications by creating ad campaigns and encouraging users to enable the malicious application on their account.

Abusing Business-Consumer Trust Relationships via Fan Pages

Social media changes the way consumers think and react to products, services and everyday life. Engaging with consumers online helps build trust and drives business and product success. Therefore, it is essential for businesses to stay engaged with their consumers over social media fan pages.

Aware of the fact that brands are building trusting relationships over social media fan pages, cybercriminals are looking for ways to exploit this trust for their needs. Compromising trusted fan pages enables cybercriminals to reach hundreds and thousands of consumers at once. Over the past few months, we have seen a rising trend in fraudster underground forums discussing the ways to compromise and gain control over trusted social media pages. Some of these discussions offer social media account credentials that promise to provide control over trusted fan pages.

Below are some examples of these discussions in bulletin boards operated by fraudsters:

Figure 4: A fraudster selling credentials of a victim in control of a Facebook fan page with 20,000 likes.

Figure 5: A fraudster seeking to buy a fan page with many likes for the budget of $50-$100.

Once a cybercriminal gains control over a public brand’s social network presence, it is easy to lure consumers to phishing sites, where they will be asked to submit their credentials. For example, if a consumer visits a compromised fan page of a bank and clicks on a phishing link, the consumer can be routed to a fake login website where he or she will provide his or her bank account details to the cybercriminal. The cybercriminal can then sell the information to other fraudsters or use this information to commit fraud.

Another option is to lure consumers to exploit sites or convince visitors to download malware to their endpoints. A compromised endpoint infected with advanced malware not only gives the attacker further access to information on the endpoint itself, but also opens up a variety of potential cybercrime vectors, enabling attackers to offer their botnet for distributed denial-of-service activities or as proxy addresses.

In today’s fast-paced world of social media, it’s easy to forget that the information we share online with our friends, family and business contacts is highly sought-after by fraudsters. Various methods are used to monetize information shared online, the user accounts used for sharing information and the trusted relationships between advertisers and consumers. The success of current monetization methods will drive fraudsters to perfect and hone their current tools and skills and come up with more innovative schemes to exploit social networks and the information shared on them.
