Trustworthy Thoughts: The Identity & Trust Blog

Trust Is an Essential Pillar of Social Media Platforms

Written by Pipl Team | Nov 18, 2022

On social media, all the world's a stage, complete with actors and audiences, heroes and villains. Anyone can play a role. Because social media sites want as many accounts as possible to drive monetization, they perform little—if any—identity verification to screen participants. This makes social media a hospitable environment for every imaginable form of online abuse, scams and fraud.

Unlike "transaction" sites where users pay for products, on social media the users are the product. Case in point is Meta (formerly Facebook). According to Investopedia1, the company's 10-K filing with the U.S. Securities and Exchange Commission (SEC) lists its average revenue per user (ARPU) as $32.03. Revenue is derived from advertising sales. With 2.89 billion monthly active users worldwide, Meta's resulting market capitalization is over $1 trillion. The more users, the better.

Social sites make it easy for people to create accounts because users drive revenue and create a broad community experience. Verifying the identities of all users can be cost prohibitive so most platforms adopt a reactive approach: Prioritize getting users on the platform and then manage any potentially adverse consequences through content moderation or threat detection. Users of all types happily take advantage of the ease of signup, creating a profile for each site they frequent. On average, social media users have 8.4 social network profiles2, according to Finances Online. With few identity verification requirements on most social platforms, it's easy to see why bad actors flock to social platforms to pursue their specific goals, whether it's scam

Fake Profiles Are Just the Beginning

Everything starts with fake profiles. They're easy to create from email addresses, usernames, mobile phone numbers, IP addresses and cookies culled from data breaches over recent years or acquired on the dark web. Scammers exploit compromised accounts to steal personal information and study the details people share publicly. With fake profiles in place, cyber creeps have a platform for launching their tactics and running scams. These include:

  • Phishing and spam: Sending emails or messages that appear to be from a trusted source but are attempts to solicit personal or financial information.
  • Business Email Compromise (BEC) scams: Cybercriminals try to trick executives or employees into revealing sensitive information or transferring funds.
  • Remote access scams: Sending emails or messages that appear to be legitimate but contain links that when clicked will download malware or code designed to gain access to the user's device.
  • Personal appeal: Impersonating celebrities, journalists or a social media friend to solicit personal or financial information.
  • Free app downloads: These offers are intended to gain personal information or to download malware onto the user's device.
Phishing is usually a first step toward committing future fraud. Social media sites represent a large pool of easily accessible targets. One major Facebook Messenger phishing scam affected millions of Facebook users3. Threat actors logged into compromised accounts and sent out phishing links to the users' friends via Facebook Messenger. Usually, Facebook's internal threat intelligence team spots these credential-harvesting schemes. However, this group used legitimate app deployment services to be the first link in the redirect chain once the user clicked the link. Facebook could not block the malicious links without also blocking legitimate apps and links.

Going for the Money

Scammers can easily use the same tools as legitimate social media advertisers to systematically target people, based on details such as their age, interests or past purchases. Data from the U.S. Federal Trade Commission (FTC) suggests social media was the most profitable avenue for scammers to reach people in 2021. In 2017, the agency received 50,000 reports of consumer fraud claims. By 2021, that number had risen to 95,000 with $770 million in losses. More than one in four people who reported losing money to fraud in 2021 said it started on social media with an ad, a post or a message.

Ads for fake products abound. In nearly 70% of these reports, people saw an ad, placed an order and never received the merchandise. Some bad actors don't even bother trying to be original. They simply impersonate real online retailers and drive people to look-alike websites. When victims identified a specific social media platform in their reports of undelivered goods, 9 out of 10 named Facebook or Instagram.

Investment and romance scams follow a similar pattern. There has been a massive surge in reports to the FTC about losing money to investment and cryptocurrency scams. Scammers use social media to promote their bogus schemes and even connect with people directly to encourage them to invest. Romance scams usually begin with a seemingly innocent friend request from a stranger, followed by charming correspondence and then a request for money.

Beyond Fraud—Nefarious Deeds

Fake products are bad enough, but having an "open front door" with minimal identity verification has also resulted in social media platforms becoming profitable vehicles for truly evil individuals. The number of drug-related fatalities among youth under the age of 24 has skyrocketed—93,000 in 2020 alone—due to fake Percocet, Xanax and other pharmaceuticals filled with fentanyl being sold on social media sites4.

The inability or unwillingness to verify account details, such as age of account holders, can land social platforms in hot water. TikTok has quickly gathered a huge global base of users. Although a user must be at least 13 to have an account, a 2020 report found that 42% of UK 8- to 12-year-olds used the app5. Not only did this raise questions about how these children were able to open an account, it also raised suspicions that the app could be collecting data about children without legal consent, warning or transparency. About the same time, The New York Times reported that TikTok classified 18 million users—more than one-third of its daily user base in the U.S.—as being 14 years or younger. This despite the fact that in 2019 U.S. officials had fined ByteDance, the Chinese tech company that owns TikTok, $5.7 million for illegally collecting the personal data of children younger than 13.

Fake social media accounts also have been set up in the names of well-known figures involved in horrific crimes. People remove images from the criminal's social sites and make it look as if they are the actual criminal. Online abuse campaigns have been started by students against teachers, against sports stars and against perceived personal rivals.

Trust Preserves the Social Order

Without a way to verify the identities of account holders, social media platforms are forced into a reactive stance when fraud, intimidation or other situations arise. Brands are tarnished, and users jump ship to the next best thing in the competitive social media landscape. However, the ability to validate the identities of all users—at any point, across all interactions and over time—can begin to build a trusted foundation for safe interaction and legitimate promotion. That's because trusted identities can be counted on to "like," share and comment in a genuine way. The entire platform benefits from safe, frictionless online experiences, which in turn helps build trust and attract new users. Trusted identities enable organizations to keep the door open for social interaction while greatly reducing risk and exposure to online abuse, scams and fraud.

Want to know more? Download The Trust Paradigm for Online Business or learn how Pipl Trust helps organizations keep users happily—and safely—engaging on their social platforms, here.

Sources:

1. “How Facebook (Meta), Twitter, Social Media Make Money From You,” Investopedia, 2021
2. “Number of Social Media Users in 2022/2023: Demographics & Predictions,” Finances Online, 2021
3. “Facebook Messenger Scam Duped Millions,” Threat Post, 2022
4. “Online Nation: narrative report,” The Guardian, 2021
5. “Online Nation: narrative report,” Ofcom.org, 2020