Romance and Investment scams top Social Engineering in 2021

Romance and Investment scams top Social Engineering in 2021
<span class="bsf-rt-reading-time"><span class="bsf-rt-display-label" prefix="Reading Time"></span> <span class="bsf-rt-display-time" reading_time="2"></span> <span class="bsf-rt-display-postfix" postfix="mins"></span></span><!-- .bsf-rt-reading-time -->

The amount of total losses through fraud originating on social media is now 19 times higher than it was just five years ago in 2017, according to a Consumer Protection Data Spotlight published by the Federal Trade Commission on Jan 25.

According to the report, "More than 95,000 people reported about $770 million in losses to fraud" from threat actors using social engineering through social media in 2021.

The FTC explains that social media is a low-cost strategy. Some threat actors may act as a faux persona, while some trick users into giving them their passwords before taking over their accounts and acting as the victim.

A third of those who reported losing money lost it due to what the FTC calls an "online romance scam," which "start with a seemingly innocent friend request from a stranger, followed by sweet talk, and then, inevitably, a request for money," according to the report.

Another top "genre" of scam? Investment. According to the FTC, "reports...show scammers use social media to promote bogus investment opportunities, and even to connect with people directly as supposed friends to encourage them to invest."

The biggest type of scam through social media is one that you might even have been a victim of. "The largest number of reports," according to the FTC, "came from people who said they were scammed trying to buy something they saw marketed on social media." They estimate that 45% of all reports from 2021 included online shopping from seeing an ad run on social media.

Usually, these will take the user to a website made up to look like a real corporate brand name's site, but is in fact sending all information, including credit card numbers, to the threat actors' database.