In September last year, at least 16 Arabic-speaking countries woke up to news that their residents might have been scammed.
The threat actors, who had apparently taken the Ponzi-scheme route, had posed as reliable government organizations or reputed brands, and asked people to share hyperlinks to suspicious websites with as many as 20 WhatsApp contacts to win lucrative prizes.
How many people’s personal details of computers were compromised is anybody’s guess, but it shone the spotlight on the potential — and possibly immeasurable — harm that social medua scams may inflict.
Scammers are constantly devising new and innovative ways to trick people out of money or to harvest personal data, which can be used for financial gain.
And social media has turned out to be their route of choice to perpetrate their crimes.
Why social media?
For fraudsters, social media is a dream come true.
Around 40 percent of the world’s population uses social media platforms like Facebook, Twitter, WhatsApp, and Instagram, with a million new users added every day.
Because of this popularity and the open nature of such platforms, fraudsters can easily reach a vast number of potential victims, targeting specific demographics and personalizing scams to make them more convincing.
Furthermore, social media gives fraudsters the ability to hide their identities and motives with fake profiles and accounts.
Widespread regional threat
As consumers moved increasingly online due to the restrictions imposed by Covid-19 lockdowns, scams and fraud are becoming a serious concern to businesses and individuals alike.
This can be traced partly to the rapid pace of internet adoption, with digital becoming the principal channel for many aspects of life, from banking and retail to entertainment and communication.
Recent research by Callsign, a digital identity protection and security company, has revealed that scams have targeted 66 percent of people in the UAE in recent years, and the phenomenon is only growing.
“The popularity of social media sites makes them an appealing route for scammers,” said Saeed Ahmad, Callsign’s Managing Director for the Middle East and North Africa.
MEA users spend the most time of their online sojourn on social networks, “averaging 3.5 hours each day,” he said.
“As the usage of social media grows, scammers have turned to it to target customers, with over one-third — 36 percent, to be exact — of regional customers reporting receiving scam communications on sites such as Facebook, Instagram, and Twitter,” he told TRENDS.
Ahmad indicated that these channels are often used for lottery and clickbait scams.
With little to no identity verifications on these sites, scammers can easily impersonate brand pages, send malicious links, ask for customers’ personal information, and extract their details through messenger applications.
According to the Callsign survey, 54 percent of regional consumers do not trust social media businesses to share their personal information.
Around 12 percent of the respondents said they had lost trust in these platforms after being deceived and losing money, and 21 percent have stopped using social media applications because they have been victims of scams.
Additionally, 53 percent of regional consumers said social media companies should protect them against these scams.
The survey also revealed that 29 percent of the respondents received social media communications from scammers masquerading as retailers, while 21 percent reported receiving them from scammers impersonating their bank.
This, of course, has ramifications for both the impersonated company and the social media platform in question.
Most vulnerable channels
Scammers use a variety of channels, and email and SMS are just two of them.
Fraudsters are increasingly using phone calls, social media, and messaging applications as attack vectors, adding to the daily volume of scams consumers receive.
As a result, people’s trust in these channels has diminished.
“Scammers are increasingly using SMS to target vulnerable end-users,” said Ahmad.
“According to our research, 67 percent of regional consumers have been victimized by a fraud through this channel.”
The development of one-time passcodes (OTPs), which companies use as authentication techniques, has ironically given this attack vector new life.
OTPs are vulnerable to SIM swap, which allows fraudsters to intercept and use passcodes given to customers.
Ahmad went on to say that when it comes to emails, people in the UAE are likelier to get one from a scammer than a family member.
In addition to SMS scams, 64 percent of regional users have apparently received fraudulent email messages.
“Telephone scams are also a common mode of communication in the Middle East and Africa, with 44 percent of MEA consumers being targeted via phone calls,” said Ahmad.
Additionally, threat actors are increasingly using platforms like Facebook, Instagram, and Twitter.
“Surprisingly, according to our research, 21 percent of respondents received more communications from scammers on social networking platforms than messages from friends and relatives,” said Ahmad.
Strengthening digital trust strategies
Scams have a tremendous impact on organizations. The risks are two-fold: first, the financial cost, and second, the damage to an organization’s reputation. The resulting loss of trust only piles on the misery.
Approximately half of the region’s consumers — 49.8 percent, to be precise — lose faith in an organization whose name appears in a scam message, regardless of any actual connection.
Furthermore, about one-fifth of the region’s scammed consumers ceased doing business with the company named in the scam.
Customer loyalty has never been more fragile, and it may be destroyed by a single scam message.
“The concept that businesses should be more accountable extends beyond the risk of fraud itself. Its reputations are being jeopardized by proxy — whether companies like it or not,” explained Ahmad.
“Suppose enterprises want to preserve and establish confidence in the digital world. In that case, they must strike a balance between security and experience to guarantee that scammers do not tarnish their brand,” he stressed.
In addition, when building digital trust, the channels used to communicate with customers must be secure and straightforward to use.
However, threat actors are committing fraud using the same channels that businesses are leveraging to authenticate customers and transactions.
According to 41 percent of regional customers, the most trusted way to communicate with organizations is through in-app chats.
A little more than a quarter of them — 27 percent — feel the telephone is secure, and even fewer — 17 percent, or just about a sixth — believe email is safe.
SMS appears to be the weakest link, with only 8 percent of regional customers believing it is a secure way to communicate with their bank or merchant.
This channel has witnessed a 51 percent drop in customer trust after they received a fraudulent text message.
However, when it comes to the actual issue, Callsign research shows that around half — 48 percent — of regional consumers believe identity is a problem and that people should confirm who they are when signing up to use a platform to avoid scams.
Ahmad emphasized that digital identity, which must be at the heart of all digital transactions, is the foundation of digital trust.
“To accomplish this, companies must examine the technologies they employ to verify, authenticate, and authorize their genuine consumers throughout their online journeys, not only during account registration or login,” he said.