press release
Published: 26 February 2019

Cybercriminals raking in over $3bn a year from social media crime

By Laura Butler

The ready availability of hacking tools and services, wildfire spread of malware and proliferation of cryptomining has seen social media-enabled cybercrimes grow by more than 300-fold in recent years. 

These findings come from Dr. Mike McGuire, a Senior Lecturer in Criminology at the University of Surrey, who has undertaken an extensive six-month academic study, commissioned by Bromium, to publish Social Media Platforms and the Cybercrime Economy.

The study, which forms the next instalment of his Into the Web of Profit body of research, examines the role of social media platforms in the cybercrime economy.

Key insights include:

  • Social media-enabled cybercrimes are generating at least $3.25b in global revenue annually
  • One in five organisations have been infected with malware distributed via social media
  • Reports of cybercrime involving social media grew by more than 300-fold between 2015 and 2017 in the US, and social media-enabled crime quadrupled between 2013 and 2018 in the UK
  • Over 1.3 billion social media users have had their data compromised within the last five years and between 45-50% of the illicit trading of data from 2017 to 2018 could be associated with breaches of social media platforms
  • Four of the top five global websites hosting cryptomining code are social media platforms
  • The number of enterprises infected by cryptomining malware doubled from 2017 to 2018
  • Social media platforms contain up to 20 percent more methods by which malware can be delivered to users – e.g. through adverts, shares, plug-ins – than comparable sources, such as ecommerce, digital media or corporate websites
  • Social media has fueled a 36 percent increase in the recruitment of ‘millennial money mules’ since 2016 and has increased fraud revenues by 60 percent since 2017

Cryptomining is an emerging online threat that takes over web browsers on a computer or mobile device, to launch malicious attacks and “mine” forms of online money while remaining completely hidden to the user.

Since 2017 the amount of cryptomining malware being detected globally rose from 400 to 600 percent, the vast majority of which was found on social media platforms.

Of the top 20 global websites that host cryptomining malware, 11 are social media platforms like Twitter and Facebook. Apps, adverts and links have been the primary delivery mechanism for cryptomining software on social platforms, earning $250m per year for cybercriminals.

Dr. Mike McGuire said: “Facebook Messenger has been instrumental in spreading cryptomining strains like Digmine. Another example we found was on YouTube, where users who clicked on adverts were unwittingly enabling cryptomining malware to execute on their devices.

“While adverts on Facebook or Instagram may look like they’re promoting Ray-Ban sunglasses or Nike shoes, they’re often more sinister and deliver malware once clicked. Cybercriminals have been quick to see how the social nature of such platforms can be used to spread malware, embedding it into posts or friends’ updates and using photo tag notifications to persuade users to open infected attachments.

“Another trend on social media has been the hijacking of trustworthy verified accounts. In one case, hackers took over the Twitter account for UK retailer Matalan and changed it to resemble Elon Musk’s profile. Tweets were then sent out asking for a small bitcoin donation with the promise of a reward. Safe to say, nobody who donated got anything in return.”

Social media platforms are also hosting a thriving criminal ecosystem for more traditional crime. They serve as a recruitment centre for money mules used for laundering, with posts or adverts offering opportunities to earn large amounts of money in a short time. Data from UK banks suggests there might be as many as 8,500 money mule accounts in the UK owned by individuals under the age of 21, and most of this recruitment is conducted via social media.

“Around 0.2 percent of social media posts examined for this report involved financial fraud, helping to generate $290m in revenue per year,” concluded Dr. McGuire. “Criminals have been quick to understand how to exploit social media to facilitate more traditional crime, whether it’s a vehicle to sell something or research potential victims – for instance, online dating scams generate $138m per year and often rely on using social media pages to trick people.

Share what you've read?
Media Contacts

Laura Butler
Phone: +44 (0)1483 683075

External Communications and PR team
Phone: +44 (0)1483 684380 / 688914 / 684378
Email: mediarelations@surrey.ac.uk
Out of hours: +44 (0)7773 479911