Nearly 50% of consumers on both sides of the Atlantic have been targeted by social media advertising promoting retail fraud guides and services, and thinly disguised ‘refund hacks,’ according to new research from Netacea. The UK-based cybersecurity specialist polled over 2000 consumers in the UK and US to compile its 2025 Cyberfraud in Retail report. The study warned that fraud is increasingly normalized via high-profile ads on the surface web, designed to encourage consumers to participate in scams.[1]
These ads were once confined to underground “Fraud-as-a-Service” forums, the report claimed. “Their migration to mainstream social media is not only a sign that organized fraud operations are expanding, but the target audience on these channels is also a virtually unlimited source of ‘clean’ user accounts. Such accounts have not yet been flagged for suspicious activity on industry fraud and risk tools,” the report explained.
“This tips the balance for criminals trying to circumvent security and anti-fraud controls by reducing the number of potential threat signals. By normalizing fraud to the TikTok community and getting Millennials to ‘sign up for easy cash,’ organized criminals can effectively recruit humans and their marketplace accounts as digital mules for malicious activity.”
Netacea found that ads for retail fraud guides or services on social media have targeted 45% of respondents. In comparison, 58% have been exposed to refund hacks disguised as influencer content to normalize the practice. It seems to be working. Nearly a fifth (16%) of respondents said they consider retail fraud a victimless crime, and most (58%) assume retailers can and should absorb the costs of fraud without a significant impact on their business or prices.
Nearly a quarter (23%) admitted they’ve been tempted to commit fraud, and 15% said they had considered more serious retail fraud under the right circumstances. A third (34%) argued that fraud up to £100 is permissible. The word is also spreading. While 18% said they’d been exposed to influencers recommending retail fraud online, the majority (82%) said the same about friends (37%), family (15%), colleagues (21%), and classmates (9%).
Among the tactics they have been exposed to are:
- Claiming an order didn’t arrive to receive a refund/replacement
- Returning an empty package or other item and claiming a refund
- Using stolen payment details to make purchases
- Using illegally acquired gift cards or account balances to make purchases
- Using third-party services known as “boxers” to request refunds
The growing normalization of such tactics echoes a recent Ravelin report, which claimed a rise in chargeback fraud and refund abuse. Respondents from retailers said they now believe customers pose as significant a threat as professional fraudsters.
Netacea also warned of a surge in corrupt insiders: 18% of respondents claimed to personally know someone involved in insider fraud, either working at a retailer (12%) or in fulfilment services (6%). “We monitor professional criminals every day on underground marketplaces, but it’s clear that retail fraud techniques are no longer hidden in the shadows; they are being openly shared and discussed among friends, and widely promoted online,” argued Matthew Gracey-McMinn, VP threat services at Netacea.
“As a result, we are seeing a cultural shift where fraudulent behavior is not only visible but, alarmingly, considered acceptable by a significant portion of the public.”
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
[1] https://www.infosecurity-magazine.com/news/half-consumers-targeted-social/
Comments