4.95 billion people across the world — that’s 61% of the global population — use social media, spending an average of two hours and 24 minutes each day on various platforms. Yet, consuming and creating content for social media are among the top five online activities that make us feel most vulnerable.
And there’s good reason for it. Social media scams have accounted for $2.7 billion in reported losses from US consumers since 2021. They’re big business — and the global reach of Facebook, Instagram, TikTok, X, LinkedIn, and other social platforms makes them ideal for luring in victims.
1. Facebook shopping scams
If you’re going to lose money from a shopping scam, chances are that the scam will start on social media. One big reason is that these platforms are filled with advertisements showing fake products with fake discounts. In fact, 44% of all social media fraud loss reports came from people who tried to buy something advertised on Facebook or Instagram, but the goods never arrived.
What’s the secret to these scammers’ success? A cyber security attack known as “malvertising” that can look something like this:
Criminals set up fake Facebook pages imitating brands that you like.
They create fake posts that get promoted as ads and further boosted with fake comments.
These link to fake websites that pressure you into buying something that will never arrive.
The arrival of — and ease of access to — generative AI platforms such as ChatGPT only makes it easier to localize scams and target consumers in different countries, massively increasing scammers’ reach.
“An example of a large-scale scam would be a spam campaign with fake Facebook ads aimed at large audiences. Recently I spotted examples of one Facebook scam in Swedish, Hungarian, French and German, where previously I had seen it almost exclusively being delivered in English,” explains Joel Latto, Threat Advisor at F‑Secure.
How to protect yourself from Facebook shopping scams
According to Yik Han, a Researcher at F‑Secure: “It’s easy to fake everything on social media nowadays. So be sure to check if the online seller is legitimate with a tool like F‑Secure’s free Online Shopping Checker before you make any purchase.”
Latto further explains: “Everyone makes a bad click eventually. That’s why you need a high-quality security solution like F‑Secure Total that includes browsing and shopping protection.”
2. Instagram sugar daddies and sugar mommies
Using stolen images, and occasionally stolen accounts, “sugar daddies” and “sugar mommies” approach potential victims via direct messages on Instagram, dating apps, or any social media platform. They start conversations promising a life of luxury, but what they want is your money or personal data.
These social media scams develop in two ways: either the daddy or mommy will quickly ask for money with the promise of larger future rewards in return, or the scammer will offer some sort of payment to gain the victim’s trust — as well as their bank details — that will be quickly canceled before it clears.
After the first payment from the victim, the scammer will either disappear and move on to their next target or continue to request money from the victim using emotional manipulation and deception.
How to protect yourself from imposter social media scams
Any unexpected requests for information related to money or services that enable monetary transactions, including PayPal, Venmo or MobilePay, are a major red flag.
To verify if you’re dealing with an actual person, try a video chat. If they continuously refuse and make up reasons as to why they can’t video chat, they’re most likely not who they say they are.
Use Google to assess a stranger’s legitimacy. Sugar daddy scammers will usually impersonate successful businesspeople, doctors or lawyers, who should have a strong digital presence.
3. The TikTok trend that spreads malware
In 2022, TikTok users were tricked into installing malware by the false promise of a tool that would reveal nude bodies blurred for the app’s popular “invisible challenge”. They participated in this challenge by filming themselves undressed and applying a filter that blends their silhouettes into a neutral background for an “invisible” effect. And the initial “lure” was a TikTok post promising filter removal.
“Cyber criminals weaponized users’ curiosity to create a multi-layer social engineering scam that led victims to infect their own devices,” explains Han. “The victim was told to join a Discord server, where they received a message from a bot pointing them to GitHub — a platform where developers can build, store, and deliver software — for the download, along with instructions in a YouTube video.”
But once installed, the tool doesn’t remove any filter: “The executed malware will steal personal files — including Discord credentials, crypto wallet passwords, and credit card details,” says Han.
Lulled into a false sense of security
This scam shows how social media can be weaponized to fool users into making bad decisions. These TikTok videos racked up more than 1 million views, with more than 35,000 people joining the Discord server, 103 stars in the GitHub repository, and 2,000 views of the YouTube video.
“The criminals used multiple tricks to make their GitHub repository seem legitimate. These big numbers made it hard for users to realize that each element was part of a trap to spread malware,” explains Han.
How to protect yourself from TikTok trend scams
Don’t be fooled by big numbers on social media. Cyber criminals are figuring out how to cheat platforms to build up views, likes, and shares that make their content seem credible.
Do a Google search for TikTok trends first to see if anyone else has been affected by scams.
When you download an app, always research it with a search and look through the reviews.