Fraudsters selling personal details through social media sites

This included advertising stolen identities, credit card details, compromised Netflix and Uber Eats accounts and even fake passports made to order. All were found easily by searching simple, barely disguised slang terms for fraud.

Fraud cases have risen by a fifth in the last year, while losses to coronavirus-related scams already reaching £2 million. Which? said it is concerned that the results of its investigation – carried out before the Coronavirus outbreak took hold in the UK – highlight how lax measures to prevent the trade of personal and financial information on these platforms could be exploited by criminals looking to take advantage of the crisis.

One fraudster on Twitter offered full credit card details of someone with a ‘£13k+ balance’ for £100, or three sets of card details for £200. Another offered a phoney passport for £3,000, which could have potentially been used as proof of ID to open bank accounts and credit cards.

After searching for and viewing such accounts, the site suggested following ones offering similar services through its “who to follow” section.

On one illicit Facebook group, the full identity of one man - including his full name, date of birth, address and mobile number - were all listed alongside complete financial information including his credit card number, CVV number and expiry date, sort code and the name of his bank.

The details, which had been up for four months, were being given away for free, potentially as a tactic designed to prove the seller’s credentials for future deals.

In addition, Which? found Instagram users sharing price lists detailing how much it would cost to acquire full identities, as well as ‘fraud bibles’, offering advice to novice hackers and scammers on how to create fake identities and use stolen card details.

All 50 of the groups, pages and profiles were reported to their respective social media platforms via their in-site reporting tools.Facebook initially refused to remove the post containing the man’s details, on the basis that it ‘doesn’t go against one of our specific community standards’.

When Which? requested a review of the decision through the reporting tool, the post was removed, but the hacker group it was posted on remained up.While Facebook also removed a few other isolated posts that Which? reported, when a researcher checked six days later, it had allowed every page and group to remain. Instagram and Twitter had not removed any content at all and it was only when the content was presented to the platforms’ media representatives that it was ultimately all taken down.

Katy Worobec, managing director of Economic Crime at UK Finance, said: “Criminal gangs are continuing to exploit social media platforms to commit fraud, whether it’s selling stolen identity and card data, recruiting ‘money mules’ or targeting the public with coronavirus scams.

“Banks are taking action on all fronts to protect customers from fraud, including working closely with law enforcement to identify and take down fraudulent activity on social media where possible.”

She added: “But we cannot win this fight alone. Every part of society including social media companies must play their part in protecting innocent victims and preventing money getting into the hands of criminals.”

Jenny Ross, editor of Which? Money, said: “It’s astonishing that social media sites make it so easy for criminals to trade people’s personal and financial information, particularly as fraud is such a prevalent crime that can have devastating consequences.

“Social media firms must take much stronger action to prevent their sites becoming a safe haven for scammers, and should work with the financial industry and police to address serious flaws with their platforms.”

Facebook, which also owns Instagram, said: “Fraudulent activity is not tolerated on our platforms, and we have removed the groups and profiles flagged to us by Which? Money for violating our policies. We continue to invest in people and technology to identify and remove fraudulent content, and we urge people to report any suspicious content to us so we can take action.”

Twitter said: “It is against our rules to use scam tactics on Twitter to obtain money or private financial information. Where we identify violations of our rules, we take robust enforcement action. We’re constantly adapting to bad actors’ evolving methods, and will continue to iterate and improve upon our policies as the industry evolves.”

A message from the Editor

Thank you for reading this story on our website. While I have your attention, I also have an important request to make of you.

With the coronavirus lockdown having a major impact on many of our advertisers - and consequently the revenue we receive - we are more reliant than ever on you taking out a digital subscription.

Subscribe to scotsman.com and enjoy unlimited access to Scottish news and information online and on our app. With a digital subscription, you can read more than 5 articles, see fewer ads, enjoy faster load times, and get access to exclusive newsletters and content. Visit https://www.scotsman.com/subscriptions now to sign up.

Our journalism costs money and we rely on advertising, print and digital revenues to help to support them. By supporting us, we are able to support you in providing trusted, fact-checked content for this website.

Joy Yates

Editorial Director