Social media giants have been told to take tougher action against scammers selling people’s personal details through their platforms following an investigation by a consumer rights group.
Which? said it found 50 scam profiles, pages and groups across Facebook, Twitter and Instagram with clear evidence of criminal activity.
Stolen identities, credit card details, compromised Netflix and Uber Eats accounts and fake passports made to order were among the content it found on offer from fraudsters, using simple search terms.
In one Facebook group, researchers were alarmed to discover the personal details of a man in Yorkshire which had been live for four months, including details such as his full name, date of birth, address and mobile number, alongside complete financial information for his credit card.
Which? claims Facebook initially failed to remove the post after it was reported to them, saying it “doesn’t go against one of our specific community standards”.
Facebook eventually rectified its decision on the post, but the group remained.
On Twitter, one fraudster offered to sell full credit card details of someone with a bank balance of more than £13,000 for £100, or three sets of card details for £200.
Another offered a fake passport for £3,000.
On Instagram, Which? found accounts detailing price lists for services to acquire full identities, as well as “fraud bibles” to help novice hackers.
Which? Money editor Jenny Ross said: “It’s astonishing that social media sites make it so easy for criminals to trade people’s personal and financial information, particularly as fraud is such a prevalent crime that can have devastating consequences.
“Social media firms must take much stronger action to prevent their sites becoming a safe haven for scammers, and should work with the financial industry and police to address serious flaws with their platforms.”
All 50 of the groups, pages and profiles were reported to their respective social media platforms, but only some were addressed on Facebook, while none were removed on Instagram and Twitter, Which? said.
Facebook – which also owns Instagram – responded, saying: “Fraudulent activity is not tolerated on our platforms, and we have removed the groups and profiles flagged to us by Which? Money for violating our policies.
“We continue to invest in people and technology to identify and remove fraudulent content, and we urge people to report any suspicious content to us so we can take action.”
Twitter said: “It is against our rules to use scam tactics on Twitter to obtain money or private financial information.
“Where we identify violations of our rules, we take robust enforcement action.
“We’re constantly adapting to bad actors’ evolving methods, and will continue to iterate and improve upon our policies as the industry evolves.”
Katy Worobec, managing director of economic crime at UK Finance, said every part of society including social media companies “must play their part” in preventing this kind of activity.
“Criminal gangs are continuing to exploit social media platforms to commit fraud, whether it’s selling stolen identity and card data, recruiting ‘money mules’ or targeting the public with coronavirus scams,” she explained.
“Banks are taking action on all fronts to protect customers from fraud, including working closely with law enforcement to identify and take down fraudulent activity on social media where possible.
“But we cannot win this fight alone. Every part of society including social media companies must play their part in protecting innocent victims and preventing money getting into the hands of criminals.”