In the social media world of nearly 4 billion users, here’s an eye-opening look at the most common social media scam statistics — victims, costs, tactics, and other need-to-know data — that you should know
As the use of social media continues to grow, it’s no surprise that the prevalence of social media scams is increasing with it.
But what types of cons qualify as social media scams? Social media scams are any type of fraudulent or malicious activity that involves a bad guy trying to get or use another person’s information (or getting them to do something they shouldn’t) using social media and social networking platforms. These platforms can serve as both the avenues of attack or places to gather information about their targets.
Social media scams are a broad category and include (but are in no way limited to):
- Phishing scams and social engineering attacks
- Identity theft and account takeovers
- Catfishing, romance and dating scams
- Fraudulent marketing scams and fake influencer traffic
- Malicious link hiding via URL shorteners
While there are many other types of social media scams — such as offers of free money or gifts, chain letter scams, fake job listings or workers for hire, and (of course) Coronavirus-related scams — we don’t have time to go into all of them. But what we’d like to do is share some of the top scam statistics we could find relating to social media.
Scam Statistics: A Social Media Environment Overview
Before we jump right in to covering the top statistics related to specific social media scams, we thought it might be helpful to first cover some general social media industry related statistics to help provide some context.
1. More than 3.8 Billion People Are Using Social Media
DataReportal, in collaboration with Hootsuite and We Are Social, share in their Digital 2020 Global Overview Report that there were more than 3.8 billion social media users at the start of 2020. That number is an increase of nine percent over what they reported in their previous annual report.
Considering that the United Nations estimates that the world’s current total population has surpassed 7.7 billion, this means that roughly half of the global population uses social media. That’s a whole lot of potential targets for cybercriminals.
2. Social Media Cybercrimes Generate Global Revenue That Tops $3.25 Billion Annually
Research from Bromium and Dr. Mike McGuire, a Senior Lecturer in Criminology at the University of Surrey, shows that social media is a tool that cybercriminals love to use to their advantage. Their report indicates that “social media-enabled cybercrimes are generating at least $3.25B in global revenue annually.” Furthermore, the criminal revenues that are generated by social media-enabled fraud have increased more than 60% since 2017.
3. Facebook Had Three of the Worse Cases of Data Exposure in 2019
Not once, twice, but three times last year, Facebook was guilting of being the target of egregious data exposures, SonicWall reports in their SonicWall 2020 Cyber Threat Report. The events, which occurred March 21, April 2, and Dec. 14, resulted in the exposure of between 267 million and 600 million users — or an average of 469 users — per incident.
4. Social Media Incidents of Abuse Increased Nearly 200% in 2018
Data from PhishLabs indicates that in 2018, the abuse of social media increased almost 200%!
5. One in Four Transactions on Social Networking and Dating Platforms Are Cyber Attacks
The Q2 2020 Fraud and Abuse report from Arkose Labs reports that 27% of social transactions that took place between January and March 2020 were actually attacks. Furthermore, the report also shares that although they decreased in Q2 2020 compared to Q1 2020, “One-fifth of traffic on social media companies is an attack.”
6. Australians Report Losing Nearly $23 Million in Social Networking Scams in 2019
The Australian Competition & Consumer Commission’s Crime Watch website reports that there was $22,095,164 in reported losses from 8,195 victims in 2019. Now, compare this to the $15,769,203 in reported losses from 6,829 victims in 2018.
7. Only 30% of U.S. Adults Understand What HTTPS Means in a URL
That’s definitely not the kind of stat website and cybersecurity experts like to see. But according to the American Trends Panel Survey from Pew Research Center, only three-in-10 respondents indicate that they understand that the “HTTPS” in a website address means a website is secure, meaning that the data is encrypted. This means that when they’re clicking on links in social media posts, emails, or other channels, they 70% of those who do so may not actually know whether any information they share is secure
Social Media Scam Statistics: Phishing Scams and Other Social Engineering Attacks
Current industry phishing statistics show that phishing has been — and continues to be — a major issue for individuals and organizations alike. Threat actors are using all sorts of avenues to target their potential victims, and social media and social network platforms are among them.
Cybercriminals often use social media in two ways: they use it to gain useful information about their targets and as a way to trick them into doing something they shouldn’t. The first is useful because it provides a means for criminals to learn important information that they can use to con individuals, as well as to guess their login credentials to compromise accounts. The second is a more straightforward method of attack and often involves the threat actor sending the victim a malicious link.
Some threat actors use tactics like developing quizzes and questionnaires that people share on their social accounts. While seemingly innocent, these quizzes are virtual data goldmines for cybercriminals, which they can then use to take over accounts or commit identity theft.
8. Nearly Half of Internet Users Report Increasing Spam on Social Media
The results of a HubSpot survey of 542 internet users in the U.S., Canada, and the United Kingdom indicate that 46.9% of users have noticed more spam in their social media feeds.
9. More than 12% of Phishing URL Clicks Were Accessed Via Social Media
An academic study of more than 7,000 malicious Bit.ly shortened URLs (pulled from a total of more than 300,000 malicious URLs) shows that the majority were access directly, meaning via instant messages, email clients and applications. However, 12.14% of phishing URLs that were clicked on were accessed via social media and 3.67% via social networks. For malware URLs, the numbers of clicks were 8.33% of clicks were via social media and 8.32% were through social networks.
10. More Than 5% of Phishing Attacks Occur Via Social Media
The PhishLabs research we mentioned a little earlier indicates that one-in-20 phishing attacks are associated with social media in some way.
11. 67%: How Many U.S. Adults Understand the Phishing Scams Can Occur Via Multiple Platforms
The truth of the matter is that when it comes to phishing, social media is just one of any avenues of attack that cybercriminals choose to use. Others include the use of email, text messages (SMS texting), and websites. However, data from Pew Research Center’s American Trends Panel survey of 4,272 panelists indicates that only two-thirds of those survey respondents actually understand that phishing scams can happen across multiple platforms.
12. 96% of Organizations in Japan Reported Experiencing Social Media Phishing Attacks in 2019
More than nine-in-10 Japanese organizations that participated in Proofpoint’s 2020 State of the Phish report indicate that they experienced at least one social media attack in 2019. Half reported 1-10 attacks in that time, and another 23% said they experienced between 11 and 25 such attacks.
13. 78% of U.S. Organizations Reported Experiencing Social Media Phishing Attacks in 2019
U.S. organizations reportedly experienced fewer social media attacks than their Japanese counterparts in 2019, according to data from Proofpoint’s 2020 State of the Phish annual report. One-quarter of respondents indicate that they experienced 1-10 phishing attacks, and another 26% indicate that they experienced between 11 and 50 such attacks during the year.
Social Media Scam Statistics: Identity Theft, Account Takeover, and Duplicate & Fake Accounts
A person’s identity is among their most valuable intangible possessions. If a cybercriminal takes over their identity, as most identity theft survivors will tell you, it’s a nightmare to deal with and is something you’ll struggle with for years to come. But despite these concerns, social media users are often times willing to share personal data and personally identifiable information (PII) about themselves on social media that they’d never do in a face-to-face setting with strangers. Cybercriminals know this and use these platforms in different ways to gain valuable information about their targets.
14. Email and Social Media Identity Theft Increased 10% in 2019
The Federal Trade Commission (FTC) reports in their Consumer Sentinel Network Data Book 2019 that there were 650,572 cases of identity theft reported in 2019. Their data also shows that email and social media-based identity theft increased 10% in 2019 to 10,356 reports.
15. 20% of Identity Fraud Losses Large Banks Incur Is Due to Synthetic Identity Theft
Although you may not be familiar with the term, synthetic identity theft is reportedly the world’s fastest-growing financial crime. This type of crime involves the creation of a new, fake identity using a target’s PII (including their social security number) and images that the cybercriminals get from social media accounts and other online sources.
According to a report by the Federal Reserve, to pull off synthetic identity fraud:
“[…] perpetrators combine fictitious and sometimes real information, such as SSNs and names, to create new identities to defraud financial institutions, government agencies or individuals.”
So, for example, this means that instead of just using John’s Smith’s identity to commit fraud, the criminal will instead use John Smith’s social security number to create a new identity called Jack Sparrow. They’d then use images of John Smith (or someone else) that they find online and on social platforms.
Cybercriminals often use social media to create profiles for their fraudulent identities to help legitimize these fake personas, which they can then use to apply for credit cards.
16. 1.3 Billion Social Media Users’ Data Compromised
Bromium and McGuire report that within the past five years, the data of more than 1.3 billion social media users has been compromised. Considering that there’s 3.8 billion social media users globally, that means that more than one-third of all users worldwide have had their data compromised in that time.
17. Facebook Reports Having 275 Million Duplicate Accounts in 2019
Facebook is a technology giant with 2.5 billion monthly active users (MAUs) reported as of Dec. 31, 2019. But being such a behemoth isn’t without its troubles. For example, the company reported to their U.S. Securities and Exchange Commission (SEC) filings report that 11% of their global MAUs were actually duplicate accounts.
According to the report:
“In the fourth quarter of 2019, we estimated that duplicate accounts may have represented approximately 11% of our worldwide MAUs. We believe the percentage of duplicate accounts is meaningfully higher in developing markets such as the Philippines and Vietnam, as compared to more developed markets.
18. Facebook Reports 125 Million Monthly Active Users in 2019 Were Fake Accounts
But duplicate accounts weren’t Facebook’s only issue concerning their monthly active users last year. According to Facebook’s Dec. 31, 2019 SEC annual report, false user accounts are also an issue:
“In the fourth quarter of 2019, we estimated that false accounts may have represented approximately 5% of our worldwide MAUs. Our estimation of false accounts can vary as a result of episodic spikes in the creation of such accounts, which we have seen originate more frequently in specific countries such as Indonesia and Vietnam.”
But what qualify as false accounts?
- “User-misclassified accounts” — personal profiles that are created for organizations and non-human entities (such as pets) instead of pages; and
- “Violating accounts” — user profiles that are used for spam, bots, and other activities that violate the platform’s terms of service.
19. Identity Theft Among the Top Three Most Reported Scams in Australia
Identity theft was the third most commonly reported scam with 11,373 victims reported in 2019, according to data from the Australian Competition & Consumer Commission’s Crime Watch website. The two most commonly reported scam methods that had more victims were phishing (25,170) and scams that involved “threats to life, arrest or other” (13,375).
20. 99% of Social Media Users Access Platforms via Smartphones
Account takeover should be a concern for anyone who uses digital technology to access financial and banking apps, email accounts, and other personal information. And the use of malicious websites that contain malware is a constant threat. So, what happens if social users click on malicious links that are shared in posts and private messages?
Considering that DataReportal’s Digital 2020 April Global Snapshot reports that nearly all social media access their favorite social platforms using their mobile devices, it means that any personal information and apps with saved credentials on those devices are at risk to account takeover or identity theft scams.
Social Media Scam Statistics: Catfishing, Romance and Dating Scams
First, let’s start with a clarification. While some online romance fraud scams are considered catfishing scams, not all online romance scams are catfish. It’s kind of like the distinction of how all types of apples are fruit, but not all fruits are apples.
The BBB makes this important distinction between the two types of scams:
“In a typical catfishing scheme, the catfisher sets out to deceive his or her victim, but does not at first intend to take money; in a romance scam, the perpetrator intends from the beginning to defraud the victim.”
With this in mind, here are some of the top social media scam statistics relating to online romance and catfishing scams.
21. More Than $475 Million in Losses from Confidence Fraud/Romance Scams Reported in 2019
In their 2019 Internet Crime Report, the FBI’s Internet Crime Complaint Center (IC3) shows that there was $475,014,032 in reported losses due to confidence fraud and romance scams in 2019 alone. The report also indicates that there were 19,473 reported victims in that same period. That’s an average loss of $24,393.47 per person!
22. 20-30% of Romance Scam Victims Were Used as Money Mules in 2019
Did you know that anywhere between 20 to 30 percent of romance scam victims were used as “money mules” in 2018? This data was reported in the Better Business Bureau (BBB). This means that they were used to do everything from receiving goods that were purchased using stolen credit cards to laundering money.
What makes this social media scam statistic even more sickening is that this type of scam doesn’t affect just a few people — victims number in the thousands every year. And those are just the ones that we know about who report the crimes! The FBI’s Internet Crime Complaint Center (IC3) reports that they believe that many romance scam victims never bother to come forward out of shame and embarrassment.
23. The USMC Awarded a $79,000 Contract to a Company to Develop a Tool to Stop Fake Social Profiles
Scams involving the use of fake social media profiles of real U.S. Marines and other members of the armed forces are a big issue. The U.S. Marine Corps saw it as so much of an issue that they awarded nearly an $80,000 contract to SNS Discovery Tool to develop a program that would mitigate phony social media profiles.
Social Media Scam Statistics: Fraudulent Marketing Scams and Fake Influencer Traffic
Every company and social media influencer is looking for ways to grow their audience. After all, the larger your reach, the more eyes that will see your ads and content. But social media fraud (SMF) services and fake social engagement make doing so a lot more difficult (and costly) for advertisers and companies to achieve.
24. Invalid Clicks Estimated to Cost Businesses Globally $23.7 Billion by the End of 2020
Data from Cheq, an anti-fraud solutions company, and Professor Roberto Cavazos at the University of Baltimore’s Merrick School of Business shows that 14% of paid per click (PPC) spending is invalid — a number that they expect to see grow. This means that they estimate invalid PPC clicks and paid social fraud will have an annual price tag of nearly $24 billion by the end of the year.
So, what’s responsible for causing these invalid clicks? According to the report:
“These invalid clicks are driven by many different sources, from standard web crawlers, to malicious bots, click farms, ad-fraud schemes and even competitor clicks with the largest spending enterprise accounts hit hardest by sophisticated invalid click fraud.”
25. Fake Influencer Marketing to Cost Advertisers $1.5 Billion Annually in 2020
Influencer marketing is a big market — but not all influencers’ audiences are what they seem to be. Data from another report by Cheq and Cavazos shows that fake influencer marketing is anticipated to cost advertisers a cool $1.5 billion this year. That’s because some influencers inflate their follower count by buying
26. Social Influencers Can Buy 1,000 Social Media Followers for as Little as $12
A 2017 academic research article from researchers at GoSecure Research and the University of Montreal shows that social media fraud is cheap and easy to pull off through the use of an IoT botnet. For example, take a look at some of the median prices per 1,000 followers that influencers can buy on some of the world’s leading social media platforms:
- Facebook: $29
- Twitter: $12
- Instagram: $13
- YouTube: $51
Social Media Scam Statistics: The Use of Shortened URLs and Malicious Links
While some companies are good at keeping their uniform resource locators (URLs) short, some individuals go out of their way to create long ones that they know people won’t bother to read. Fun fact: The longest URL in internet history consists of a grand (and ridiculous) total of 2,083 characters.
To combat growing URLs, people started using URL shorteners, or what are known as short links. The use of these shorteners has increased dramatically since the technology was first used in the early 2000s. And while these shortened redirects are great for making links shorter and more shareable, they’re also a preferred tool of many threat actors. Why? Because they’re great for helping cybercriminals hide malicious destination links.
Threat actors can use shortened URLs to drive their phishing campaigns or to force the download of malicious software such as cryptomining malware.
27. Bit.ly and Bitly.com Link Shorteners Are Used in Nearly 41% of Phishing Attacks
Data from an article by Lookingglass Cyber Solutions indicates that the link shorteners used in 40.9% of phishing attacks are bit.ly and bitly.com. But what are some of the other most commonly used (and abused) short links?
According to SURBL.org, as of May 20, 2020, the five most abused redirectors are:
28. Cybercriminals Steal $250 Million Through Social via Cryptomining & Cryptojacking Attacks
Social media also is a key avenue of attack for cryptominers, the research from Bromium and McGuire shows. On social media platforms, advertisements, apps and links serve as the leading delivery mechanisms for cryptomining malware strains such as Digmine. These types of attacks help cybercriminals bring in $250 million annually.
Furthermore, the report also indicates that:
“Up to 1 in every 500 of the most searched-for websites are estimated to carry such software, with social media occupying 4 out of the top 5 slots.”
29. Infected Advertisements Account for Up to 40% of Social Media Malware
Infected advertisements on social media are known to deliver viruses and other types of malware when clicked, Bromium and McGuire report. What’s disturbing is that between 30 and 40% of social media malware result from users clicking on compromised advertisements.
Final Thoughts on Social Media Scams and Related Statistics
Social media is both a blessing and a curse. While social platforms provide an unparalleled way for individuals to network and stay in contact with family members and friends, they also serve as a virtual playground for cybercriminals that’s ripe for abuse.
Scams, in and of themselves, are nothing new — it’s just that criminals are now turning to the digital world more frequently to help them carry out their cons.
As you can see from our list of 29 social media scam statistics, these threat actors can use these platforms to:
- Target users for phishing campaigns,
- Steal PII and other sensitive information to perpetrate identity theft and other forms of fraud, and to
- Deliver malware to carry out other cybercrimes.
This is why you and your employees need to make yourselves more challenging targets on social. You can do this by:
- Using authentication tools. For example, you can use two-factor authentication (2FA) and multi-factor authentication (MFA) to secure your online accounts, including any social media and networking accounts.
- Limit the personal information you share online. Set your profiles to “private” and don’t post any information that you wouldn’t mind cybercriminals getting their hands on.
- Don’t accept unsolicited connection invitations. No matter whether it’s a stranger or someone you know, be judicious about who you connect with online. Check to see whether the profiles look fake or legitimate (for example, see how recently the profiles have been created). If you receive any suspicious add requests, spam ‘em.
- Avoid clicking on social advertisements and marketing promotions. Malicious links are real and increasingly prevalent threats — don’t click on them and risk making yourself a victim.