Recent data from the United States Federal Trade Commission (FTC) confirm a worrying trend: social networks are no longer just a channel for sharing photos and opinions, but the fertile ground where scammers have increased their blows to billions of dollars in losses. According to the FTC, complaints starting on social platforms accounted for almost one third of the reported fraud cases in 2025 and the losses associated with these contacts exceeded $2.1 billion, an exponential increase from 2020. The ease of finding and profiling victims, along with advertising tools and committed accounts, has made networks the preferred channel for large-scale scams(source: FTC: data on social media scams).
The distribution of the victims also brings a clear message: almost all age groups that reported losses identified Facebook as the platform from which the scam originated, with WhatsApp and Instagram at far but still significant distances. This suggests that attackers exploit both open networks and closed messaging, combining account supplanting, false groups and targeted advertising to scale and diversify their frauds. The vector is not just an application: it is the convergence between public profiles, behavior data and private messaging channels.
The sector's responses, with Meta implementing warnings about suspicious friendship requests, potentially fraudulent chat detection systems and WhatsApp warnings about screen sharing, show that platforms are aware of the problem. They also reported the elimination of millions of announcements and accounts linked to illicit transactions. However, these measures act more as a mitigation than a final solution: the scammers reinvent tactics, use legitimate accounts that are hijacked and benefit from automated tools and, increasingly, artificial intelligence to customize messages and draw controls.
The scope of the problem goes beyond what is happening in a single company; it is also confirmed by the FBI and its Internet Crime Complaints Centre (IC3), which record more than a million complaints and losses per year for tens of billions in cybercrime including investment scams, business supplanting and technical fraud. We are facing a systemic phenomenon that mixes technical vulnerabilities, design failures on platforms and social practices of misdirected trust(see FBI IC3).
For the common user, the conclusion is clear: prevention must combine digital hygiene with tactical skepticism. To limit the visibility of your publications, to review more rigorously requests for friendship or invitations to groups, to activate the authentication of multiple factors and to distrust any contact that requests money or financial decisions at a distance are basic but effective measures. In addition, before sending data or making a purchase, it is appropriate to verify the reputation of companies and people looking for reviews and notices of fraud on the web.
There are also concrete measures that help after the incident: if you have already sent money, contact your bank or card issuer immediately to try to reverse payments or open disputes; save catches and the timing of the communication; and report the scam to the relevant authorities to feed the databases that use agencies and platforms to detect patterns. The FTC maintains resources and practical guides for consumers on how to recognize and avoid various types of deception; consulting them can help identify signs that go unnoticed at the time of the scam ( FTC Tips on phishing and fraud).
At the regulatory and business level, the challenge is deeper: society needs to demand greater transparency on how advertising is monetized and segmented, stricter standards of mass identity verification and better reporting tools that translate complaints into rapid operational actions. It is also urgent that the role of emerging technologies, such as IA models that facilitate the generation of hyperpersonalized or deepfakes messages, be evaluated and that controls be implemented to prevent their malignant use on a scale.
The lesson is that digital security is no longer just a technical problem but a social and regulatory issue. Each user can reduce their risk with simple habits, but real reduction of damage requires more reliable systems, corporate responsibility and a coordinated legal and technical response. If you are concerned about being a victim or want to report fraud, in addition to the platforms, you can file a complaint on the FTC portal (reportfraud.ftc.gov) and the FBI IC3 to help block operations and protect other users.
18-year-old Ukrainian youth leads a network of infostealers that violated 28,000 accounts and left $250,000 in losses
The Ukrainian authorities, in coordination with US agents. They have focused on an operation of infostealer which, according to the Ukrainian Cyber Police, was allegedly adminis...
RAMPART and Clarity redefine the safety of IA agents with reproducible testing and governance from the start
Microsoft has presented two open source tools, RAMPART and Clarity, aimed at changing the way the safety of IA agents is tested: one that automates and standardizes technical te...
The digital signature is in check: Microsoft dismands a service that turned malware into apparently legitimate software
Microsoft announced the disarticulation of a "malware-signing-as-a-service" operation that exploited its device signature system to convert malicious code into seemingly legitim...
A single GitHub workflow token opened the door to the software supply chain
A single GitHub workflow token failed in the rotation and opened the door. This is the central conclusion of the incident in Grafana Labs following the recent wave of malicious ...
WebWorm 2025: the malware that is hidden in Discord and Microsoft Graphh to evade detection
The latest observations by cyber security researchers point to a change in worrying tactics of an actor linked to China known as WebWorm: in 2025 it has incorporated back doors ...
Identity is no longer enough: continuous verification of the device for real-time security
Identity remains the backbone of many security architectures, but today that column is cracking under new pressures: advanced phishing, real-time proxyan authentication kits and...
The dark matter of identity is changing the rules of corporate security
The Identity Gap: Snapshot 2026 report published by Orchid Security puts numbers to a dangerous trend: the "dark matter" of identity - accounts and credentials that are neither ...