Scam sign
Scammers are using social media platforms to launch finanical scams. geralt/Pixabay

While Facebook, Twitter and Google have come under fire for their role in enabling Russian interference in the 2016 U.S. presidential election, new research shows another threat has run wild on the platforms: financial scams.

According to Cybersecurity firm ZeroFox, there more than 430,000 fraudulent finance and banking campaigns currently running on social media platforms, nearly double the amount found on Twitter and Facebook last year.

ZeroFox’s report, titled “External social and digital threats to financial institutions” found attackers increasingly relying upon social media platforms to target potential victims of fraud. The attackers typically use one of several methods to trick users.

The first type of attack is referred to by ZeroFox as “spray-and-pray.” The tactic cases a wide net across social media before picking individual targets. This method often includes creating fake advertisements or content that have finance-related hashtags or are targeted at people who have liked or followed a specific financial institution.

Through the spray-and-pray approach, a victim will eventually interact with one of the fake advertisements or malicious links, which leads them to a malvertising campaign or a fraudulent websites designed to look like a bank’s site in order to steal their information.

Another technique, known as “land-and-expand,” allows attackers to target specific organizations or users through phishing-style attacks, then use the compromised accounts of victims to find others and spread the attack.

The model requires a more focused approach at the start of the attack and often involves a significant amount of research on potentials victims. Scammers will sift through public information, “liked” content on social media, timeline information and demographics to determine the best target for the attack.

Once an early target has been compromised, the threat actors can then use that individual’s information to reach others. If the victim is an employee of a financial institution, they may steal information from the company. If it is an individual, they may use the account to spread malicious links or downloads to other contacts who may trust it coming from a familiar source.

ZeroFox reported 437,165 total fraudulent financial scams running on social media platforms thus far this year. It identified about 250,000 such schemes during 2016, suggesting the attacks will only continue to grow if they are successful—though the researchers believe the campaigns are being carried out by a relatively small group of scammers.

The cybersecurity firm estimated the average victim loses about $414 per scam. The group estimated that if one person fell for every one of the fraudulent campaigns, it would result in $180,986,310 in global loss.

Stopping the threats will require a keen eye by consumers to avoid falling victim to fake advertisements and clicking malicious links. It also highlights the need for social media sites to monitor threats being carried out on their platforms and provide protections for users by blocking scams at every opportunity.