How Social Media Fuels Scams: Trends, Tactics, and Best Practices
- Luis Corrons
- 5 days ago

The Evolution of Online Scams
The way we interact online has changed dramatically and so have the threats we face. While cyberattacks once focused primarily on malware and viruses, today’s digital dangers rely more on deception and manipulation than technical exploits. Modern scams capitalize on trust, social behaviors, and digital habits, making them both harder to detect and more dangerous than ever before.
Social media, once a space for connection and self-expression, has become a hunting ground for cybercriminals. Attackers infiltrate platforms where people feel comfortable and engaged, using psychological tactics to gain access to sensitive information and money. Unlike the past, where security threats were limited to suspicious links in emails, today’s scams are embedded within the very platforms we use daily, disguised as real people, businesses, or opportunities.
Adding to the complexity is the rise of Artificial Intelligence (AI), which has given scammers a powerful new toolset. Backed by AI, fraudsters can now generate deepfake videos, voice impersonations, and hyper-personalized phishing messages, making their attacks alarmingly realistic. These tools allow them to scale their operations faster and bypass traditional fraud detection measures, increasing the success rate of their scams.
The combination of social media’s vast reach and AI’s deceptive capabilities has made social media scamming a vast, successful business. From fraudulent giveaways to investment scams and fake online stores, cybercriminals are capitalizing on the interconnected nature of today’s digital platforms. But which social media spaces are the most vulnerable, and how do scammers operate? Let’s break it down.
The New Face of Social Media Scams
As cybercriminals adapt to digital trends, social media has become one of their favorite places to find victims. The sheer volume of users and the constant flow of information provide scammers with endless opportunities to exploit trust. From fake giveaways to elaborate phishing attempts, these criminals use platform-specific tactics to reach and deceive their targets.
One example of a particularly effective scam was the “TikTok Elon Musk Giveaway”, where fraudsters impersonated the billionaire to promote phony cryptocurrency rewards. By leveraging TikTok’s younger, tech-curious audience, scammers convinced users to send funds with promises of high returns, only to vanish with the money.
Another widespread deception comes in the form of fraudulent job offers—often referred to as “Part-Time Job Scams.” These scams prey on people looking for flexible work, offering quick cash opportunities in exchange for an upfront fee or sensitive personal details. Once victims comply, they are left with empty promises and financial losses.
It’s not only the new social media apps that are targeted. Another case, the "Skype Notification Scam," demonstrated how even older messaging apps can lead people into costly traps, showcasing the many ways cybercriminals manipulate trust and digital habits. Additionally, phishing attacks often use social media to harvest account credentials, spreading malicious campaigns within the same ecosystem they exploit.
Beyond individual cases, the bigger question remains: How big of an issue are social media scams and which platforms are most targeted?
Scams Across Social Media
Before we dive in, it’s worth noting that being targeted by scammers does not necessarily mean the platforms themselves are inherently dangerous – the risks occur when we interact on the platforms as users. And not all social media platforms carry the same level of risk.
Some serve as prime targets for cybercriminals, offering the ideal mix of high user engagement, commerce-driven features, and trust-based interactions. The following insights are based on threats detected across major social media platforms:
Facebook (56%) – The clear leader in detected scams, largely due to its Marketplace transactions and community-driven interactions, which make users more vulnerable to fake e-shops and phishing attempts.
YouTube (26%) – The second-highest risk platform, primarily targeted by malvertising campaigns, where cybercriminals embed harmful links within ads.
X (7%) – Home to a high volume of impersonation scams, phishing links, and fraudulent promotions tied to trending topics.
Reddit (5%) – Scammers exploit the platform’s community-driven nature, often embedding phishing links in discussions or running malicious ads.
Instagram (4%) – A hotspot for fraudulent online shops, capitalizing on the platform’s visual appeal and shopping features.
Other social media show interesting trends as well. Among messaging platforms, for example, Telegram sees six times more scam activity despite WhatsApp’s much larger user base. This aligns with a growing trend where scammers lure victims into Telegram chats, leveraging the platform’s encryption, anonymity, and group-based fraud tactics. The chart below provides a visualization of these figures, highlighting how cybercriminals capitalize on the distinct dynamics of each platform to target users effectively.

What are the threats that are targeting people on social media? There is a wide selection:
Malvertising (27%): Spreads malware or redirects people to malicious websites through deceptive online advertising. Cybercriminals often exploit ads to distribute harmful content disguised as legitimate advertisements.
E-shop Scam (23%): Attackers create fake online shops (e-shops) to trick people into making purchases. Victims either receive fake goods or nothing at all, losing money and sometimes exposing personal data.
Phishing (18%): Scammers use deceptive messages, emails, or websites to steal sensitive information such as credit card numbers, banking credentials, or passwords. These campaigns are often designed to look like legitimate communications.
Financial Scam (11%): Attackers trick people into giving them money or sensitive financial information. Common examples include fake investment opportunities and fraudulent loan offers.
Generic Scam (10%): This general category includes scams where attackers aim to deceive victims into sharing personal information or money, without fitting into the more specific categories above.
Tech Scam (5%): Scammers impersonate legitimate technical support providers to gain access to victims' computers and data. These scams often start with fake error messages or unsolicited calls offering help.
Dating Scam (3%): Cybercriminals establish fake romantic relationships to trick victims into sending money or sharing personal information. These scams typically occur on dating platforms or social media using fake profiles.
Others (2%): A collection of less frequent yet still significant threat types that exploit social media in various ways.

These figures show the many strategies used by cybercriminals to exploit people on social media. Malvertising remains the dominant threat at 27%, targeting large user bases with scalable attack methods in advertising ecosystems. E-shop scams, accounting for 23% of threats, reflect how attackers exploit shopping-centric platforms like Facebook and Instagram to capitalize on people’s trust and urgency during transactions. Phishing, at 18%, continues to lure unsuspecting users into revealing sensitive information through deceptive links and messages. Financial scams (11%) and general scams (10%) illustrate the diversity of cybercriminal tactics.
The last quarter of 2024 saw a spike in online shopping activity, and cybercriminals were quick to capitalize on the increased traffic. Platforms like Facebook and Instagram, which encourage shopping through integrated features, saw a notable rise in e-shop scams during this period. The urgency of holiday deals and the allure of discounts create the perfect conditions for scammers to thrive.
Each platform is unique, with different types of users and content shared, and that is reflected in the threats that are prevalent in each one. Let’s take a closer look at the top five social media platforms with the most threats detected.
Facebook
The most prevalent threat on Facebook is fake online shops, which we call e-shop scams, a threat seen much less across other social platforms. This is due to several platform-specific factors:
Facebook's Marketplace is widely used for buying and selling goods, making it an ideal target for e-shop scams.
Scammers can create fake listings or impersonate sellers to exploit people who trust the platform for peer-to-peer transactions.
Facebook has a broad demographic that skews older. Unlike on TikTok or Instagram, many people on Facebook are not digital natives, who are likely to be more familiar with common scam signs.
Facebook allows people to create pages, groups, and profiles that can closely mimic legitimate e-commerce stores. These fake stores are harder to distinguish from authentic ones, especially for unsuspecting users.
Facebook's focus on community groups and local interactions may lead to more region-specific scams, such as fake stores targeting specific cities or neighborhoods.

YouTube
On YouTube, malvertising (malicious advertising) is the top threat. Again, there are some characteristics that likely explain why this is the case:
YouTube heavily relies on advertising revenue, making ads integral to the user experience. Malvertising exploits YouTube’s ad ecosystem by embedding harmful links or malware in ads served to viewers. These ads often bypass initial screening and appear legitimate, leveraging YouTube’s credibility.
YouTube’s nearly 2.5 billion monthly active users and long watch times provide scammers with a large, engaged audience. Video content keeps people on the platform for extended periods, increasing exposure to malicious ads.
YouTube ads can be highly targeted based on people’s interests, viewing history, and demographics. Malvertising campaigns exploit this feature to tailor harmful ads to specific audiences, increasing their effectiveness.

X
The overwhelming prevalence of scams on X, making up more than half of the platform’s blocked attacks, can be explained by the platform's unique characteristics and user engagement patterns:
X allows people to create accounts quickly, often without stringent verifications. Scammers exploit this to create fake accounts that impersonate influential individuals, brands, or organizations.
Verified accounts, previously a sign of credibility, are now accessible via paid subscriptions, making it easier for scammers to appear legitimate.
The open nature of X’s platform allows scammers to engage with millions of users directly through tweets, replies, and retweets. This wide reach increases the effectiveness of scams. Scammers often reply to popular tweets with malicious links or scam offers, targeting people in high-visibility threads.
Scammers capitalize on trending hashtags and breaking news to insert themselves into conversations, for example:
Fake cryptocurrency giveaways tied to well-known names in the crypto sphere, such as Elon Musk.
Fraudulent donation links during global crises or emergencies.
On top of everything, the fast-paced nature of X makes it challenging for people to distinguish legitimate content from scams.

Reddit
The dominance of Malvertising and Phishing as the primary threats on Reddit can be attributed to several platform-specific characteristics and user behavior patterns:
Reddit operates as a collection of communities (subreddits) where people share content and interact freely. This decentralized structure provides opportunities for malicious actors to:
Post links leading to phishing websites.
Share harmful ads disguised as useful content.
The reliance on user-generated content means that Reddit has a vast number of posts, comments, and links to monitor. Malicious actors exploit this by embedding phishing links in posts or comments, often disguised as legitimate recommendations.
Reddit's advertising system allows third-party advertisers to place ads on the platform. Scammers often create malicious ads (malvertising) that:
Redirect people to harmful websites.
Mimic legitimate businesses or products.
Reddit ads appear alongside genuine content, making them harder to identify.

Instagram
The high prevalence of E-shop Scams on Instagram, making up 42% of the threats, can be attributed to the platform's unique characteristics and how users interact with content. Here's why Instagram is a prime target for such scams:
Instagram’s design emphasizes visuals, making it an ideal place for scammers to post attractive images or videos of fake products, luring people into fraudulent e-shop schemes.
The platform actively promotes shopping through features like Instagram Shopping and links in Stories or posts, which scammers exploit to mimic legitimate e-commerce activities.
Scammers can easily set up accounts posing as legitimate businesses, complete with curated product galleries and reviews.
Instagram’s ad system allows targeted advertising, enabling scammers to reach specific audiences based on their interests or shopping behavior.

Conclusion
Social media has become more than just a space for interaction—it’s now a marketplace, a news hub, and a global stage for digital expression. But with this rapid evolution comes a growing risk of exploitation. Cybercriminals are constantly refining their tactics, using platform-specific features and seasonal trends, like holiday shopping surges, to maximize their impact.
As these threats become more sophisticated and harder to detect with the help of AI, the responsibility to combat them falls on both users and platforms. Social media companies should implement stronger fraud detection systems, and at the same time, we have to stay vigilant and question too-good-to-be-true offers, unknown links, and suspicious profiles.
The future of online safety depends on proactive security measures, AI-driven fraud detection, and user education. Only through collective efforts—from tech companies to regulators and everyday users—can we begin to turn the tide against the rising wave of digital scams.
As a foundational member of the Global Anti-Scam Alliance, Gen remains committed to developing cutting-edge solutions to protect users from these emerging threats and helping shape a safer digital landscape.