
22 Years of Facebook: What Fraudsters Learned Faster Than Banks
04.02.2026
On February 4, 2004, a Harvard student named Mark Zuckerberg launched a website called TheFacebook. Within 24 hours, more than 1,200 students had joined. Twenty-two years later, Facebook reaches over three billion users and has become something else entirely - not just a social network, but one of the most effective trust infrastructures ever created.
And that is exactly why fraudsters love it.
This is not an article about Facebook causing fraud. It is about how fraudsters understood early what many financial institutions still struggle with: social media is where trust is built, tested, and abused - long before money moves.
Facebook’s original promise was exclusivity. In 2004, you needed a Harvard email address. Later, a university domain. Identity checks were minimal, but social validation was strong. If someone was on Facebook, they belonged.
In 2006, Facebook opened to everyone. The gate disappeared, but the perception of authenticity remained. Users continued to behave as if profiles represented real, accountable people.
That legacy trust never reset. Fraudsters noticed.
Today, a well-aged profile with years of photos, friends, and comments is often more convincing than any phishing email or spoofed domain. Fraud does not break Facebook. It borrows its credibility.
Facebook’s real innovation was not the profile. It was the social graph.
Fraudsters use it to map relationships, identify authority, and exploit proximity. “Friend of a friend” remains one of the strongest psychological shortcuts humans use when deciding whom to trust.
In the GCC and elsewhere, this is evident: impersonation scams targeting executives, fake investment opportunities introduced through mutual connections, and account takeovers spreading laterally across personal networks.
One compromised account is not an incident. It is an entry point.
Most fraud systems still evaluate transactions in isolation. Fraudsters operate in networks.
Every post leaks context.
Fraudsters no longer rely on guessing the answers to security questions or customer behavior. They observe them.
In regions with high social media engagement, such as the GCC, this intelligence significantly increases scam success rates. Yet social media is rarely included in standard fraud investigations unless victims explicitly mention it.
This is not a tooling problem. It is a conceptual blind spot.
In recent years, Facebook’s parent company, Meta, has faced repeated accusations that it profits from fraud through paid advertising.
Investigations by journalists, regulators, and civil society groups have shown how scam ads - fake crypto platforms, impersonated brands, fraudulent investments, and romance schemes - are allowed to scale because they generate advertising revenue. Multiple reports estimate that billions of dollars per year are linked to deceptive or fraudulent advertising.
The issue is structural. Advertising systems are optimized for engagement and spend, not victim outcomes. Takedowns often occur after losses, and fraudsters simply relaunch under new names.
This creates a dangerous asymmetry. Financial institutions absorb losses and customer harm. The platform facilitating first contact monetizes reach.
Fraudsters follow incentives. They always have.
Despite decades of evidence and technological advances, financial institutions have difficulty identifying and using relevant signals to mitigate fraud originating from social networks, even though these networks are a core enabler of fraud.
Integration of social media into transaction risk scoring is almost non-existent. Investigators are not always trained to preserve volatile social evidence. Awareness programs focus on links and emails, not long-term grooming or impersonation.
Most critically, banks assume trust is created at login or transaction time. Fraudsters know trust is often created weeks or months earlier in a comment thread, a friend request, or a direct message.
By the time money moves, the decision is already made.
Fraudsters operate on a weeks-to-months timeline of grooming and trust-building. Most fraud controls activate in milliseconds. This mismatch explains why controls often function as intended yet still fail.
Facebook did not invent fraud. It industrialized trust at global scale. Fraudsters learned how to exploit that trust faster than institutions learned how to defend against it.
As digital adoption accelerates across the GCC, ignoring social-media-enabled fraud will ultimately be visible on the bottom line. The question is not whether your institution is exposed. The question is whether your fraud framework reflects how fraud actually occurs and works to narrow that opening.
Fraud follows trust. And trust moved to social platforms a long time ago.
