Fraud Operations Rebuild Faster Than Accounts Disappear While Their Behavior Remains Consistent
Published
Question: As social media becomes the primary attack vector for scams, what changes are needed in platform accountability and security design to prevent fraud?
Sorin Dudea, SVP and Head of Labs at Bitdefender
Social media has become one of the most effective environments for large-scale fraud because it provides attackers with vast amounts of personal information. Social platforms offer extensive reach and speed, enabling scammers to easily gain users’ Trust.
The scale and efficiency of scam operations have changed, with scammers no longer relying on isolated fake profiles or more obvious phishing attempts. Today’s campaigns operate more like well-coordinated marketing operations using automation, audience targeting, cloned brands, compromised accounts, and AI-generated content to reach victims faster and more convincingly than before.
Additionally, today’s AI tools, scam kits, stolen accounts, automation services, and fraud-as-a-service ecosystems have made it much easier for less experienced cybercriminals to enter the space.
A noticeable gap remains between detection and remediation. Most major platforms are already capable of identifying suspicious behavior patterns. The challenge is often how quickly enforcement happens and how effectively repeated abuse is disrupted.
- Fake investment ads can stay live for extended periods
- Impersonation accounts frequently return after removal
- Hijacked creator accounts are often exploited before recovery processes even begin
The current remediation model remains heavily reactive - effectively a cycle that continues to favor threat actors because the cost of rebuilding is low, and the barriers to entry remain minimal.
The most critical yet overlooked defense strategy for platforms is behavioral analysis. Scam operations tend to leave consistent operational signals:
- newly created accounts pushing financial offers,
- coordinated engagement spikes,
- mass outbound messaging,
- rapid audience shifts on compromised accounts, or
- networks of profiles amplifying identical narratives simultaneously
AI has fundamentally transformed the scam landscape. Threat actors are actively using generative AI to create phishing messages, fake customer support interactions, cloned voices, deepfake videos, synthetic influencer accounts, and localized scam campaigns adapted for different audiences and regions.
AI has changed not just the realism of scams, but also economics, lowering the time, cost, and technical skill needed to run fraud operations at scale.
A single operator can generate hundreds of scam variations, personalize outreach using public social media data, test engagement patterns, and rapidly adjust campaigns based on performance.
Additionally, victim reporting and escalation processes still struggle to keep pace with the speed and frequency of scam campaigns. While victims can provide useful intelligence, such as
- screenshots,
- payment details,
- wallet addresses,
- cloned profiles,
- phishing domains
- Reporting systems are frequently slow, fragmented, or ineffective at driving fast action.
There’s also an ongoing tension between security and social media growth models. Social media platforms are designed to prioritize engagement, scale, and monetization, while trust and safety teams are expected to reduce abuse without creating too much friction for users or advertisers.
That balance becomes increasingly difficult as fraud operations become more automated and scalable. From an organizational perspective, social media risk should be viewed through the lens of potential fraud, identity, and operational security concerns.
Companies need stronger monitoring for impersonation and account compromise, faster escalation channels with platforms, clearer response procedures, and better employee awareness around social engineering and account security.
The broader issue is that attackers continue to adapt operationally much faster than many defensive processes evolve. Until platforms focus more heavily on disruption, coordinated enforcement and operational response rather than relying primarily on content removal, social media will likely remain a highly effective channel for fraud at scale.
Related
