A new front in fraud prevention
Online cyber gangs stealing credit card numbers and other important pieces of personal information have unfortunately made news more frequently as identity theft and online fraud continue their assent alongside the shift away from traditional brick and mortar shopping. As ecommerce sales continue to grow, validating an online customer has become an increasingly important task for internet retailers and few places are more important for validating those customers than social networks. But what and how are some of the ways that fraudsters are using and abusing social media? A quick story experienced by many people shows one method online criminals commonly use.
As a social media addict, the joy I reap from adding a new friend is slightly embarrassing to admit. Recently, when I logged into my Facebook profile and saw the little person icon colored red, I immediately clicked to see who was requesting to be my new ‘friend’. The request was not a friend, but an obviously fake profile featuring a picture of a woman I did not recognize from a recently created profile with a variety of smutty pictures just safe enough to avoid Facebook’s porn filters. Naturally, I declined the invite, but not before noticing that 99% of this “person’s” online contacts were also recently added and were all men scattered from different parts of the world. Over the course of my 5+ years on MySpace, Facebook, and more recently LinkedIn this has happened on all three social networks with fake friend requests increasing each year.
Social media, a rich data source for fraudsters
There could be a variety of reasons that these social media fakers are reaching out to me. But one reason that is most certainly true is that these fraudsters are building fake online profiles to help supplement their stolen data as social media begins to play a larger role in fraud prevention. A customer that has an absent digital footprint or has a social media profile that relays contradictory information to the information contained in the checkout is increasingly being held up for manual review. Therefore fraudsters are increasingly staging what is known as ‘account takeovers’ or simply, creating fake social media accounts for their stolen data so as to create a consistent information flow that will not get held up in manual review when making a purchase online with their stolen information.
How can I tell the good social media accounts from the bad?
What fraudsters cannot fake though is the longevity of an account, or the activity of it. Not only would it take legions of criminals continually updating their fake profiles for it to appear that their accounts are active, the fraudsters would also have the odd task of replying to messages from real people reaching out to those accounts. And lets not forget that if any individual discovered that someone had created a fake profile in their name the likelihood of that profile being shut down almost immediately is high.
Here are a few points that are indicators of good profile:
- Heavy activity
- ‘friends’ are also actively communicate with the account.
- Personal information is listed such as a phone number, address or place of work
Some points on a bad profile would be:
- Account was recently created
- Account has low traffic, usage, and comments are never replied to
- There is no visible connection to the user and friends
- No personal information is listed
Criminals hide in the shadows, not wanting their actions to be found. But social media is a giant glaring flashlight, highlighting their activity. It’s glaringly obvious if a fraudster with a stolen identity makes a purchase and shipment in a state not associated with the victim’s area of residence. By simply utilizing the data that consumers are willingly putting onto the web themselves, fraud prevention companies like Signifyd are better able to fact check every data point to stop cyber criminals in their tracks. Social media is a powerful crime prevention tool to be utilized, and Signifyd is helping lead the way. If you are interested in speaking to us on this topic or are looking to stop fraud for your company, please reach out to us at firstname.lastname@example.org or at email@example.com. Thanks for reading!