TL;DR: Meta says WhatsApp removed about 6.8 million scam accounts in the first half of 2025, while social media fraud has grown from roughly $20 million a decade ago to nearly $2 billion today, driven by cross-platform scam operations and easier AI-generated impersonation, according to the source article. The governance problem is no longer just content moderation; it is identity verification, credential abuse, and trust leakage across channels.
NHIMG editorial — based on content published by Swarmnetics: WhatsApp Cracks Down, Bans 6.8M Scam Accounts
By the numbers:
- Meta says WhatsApp removed about 6.8 million scam accounts in the first half of 2025.
- Social media fraud has grown from roughly $20 million a decade ago to nearly $2 billion today.
Questions worth separating out
Q: How should organisations respond when leaked credentials are used to run social media scams?
A: Organisations should correlate breach exposure, infostealer activity, and abnormal account behavior with fraud monitoring so risky accounts can be challenged before they are used for impersonation.
Q: Why do social media scams so often become an identity verification problem?
A: Because the attacker’s real advantage is not the message itself, but the trust attached to the account or persona sending it.
Q: What breaks when teams only monitor scams inside a single platform?
A: Single-platform monitoring misses the handoff where many scams become harmful.
Practitioner guidance
- Correlate credential leakage with social account risk Feed infostealer indicators, breach exposure, and unusual login patterns into fraud and identity workflows so suspicious outreach can be flagged before the message chain advances.
- Require step-up verification for money or data requests Make out-of-band confirmation mandatory when a familiar account asks for a transfer, a password reset, or sensitive personal information.
- Track escalation paths across platforms Instrument moderation, fraud, and trust-and-safety telemetry so you can see when a conversation moves from one app to another.
What's in the full analysis
Swarmnetics' full article covers the operational detail this post intentionally leaves for the source:
- Platform-specific safety features Meta says were introduced to help users pause and verify unfamiliar contacts
- The breakdown of scam patterns, including fake job offers, romance scams, fake storefronts, and pyramid schemes
- The regional organised crime patterns tied to Cambodia, Myanmar, and Thailand that underpin the scam-account ecosystem
- The cross-platform movement from WhatsApp to Telegram, TikTok, and off-site payment flows that completes many scams
👉 Read Swarmnetics' analysis of WhatsApp scam account takedowns and social fraud →
Social media scam accounts: what IAM and fraud teams need to watch?
Explore further
Social fraud is now an identity governance problem, not just a moderation problem. Scam operations increasingly depend on leaked credentials, trusted-contact abuse, and identity verification failures rather than technical exploitation of the platform itself. That shifts the control burden toward account recovery, anomaly detection, and trust-boundary management. Practitioners should treat social platforms as part of the identity estate.
A few things that frame the scale:
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to Ultimate Guide to NHIs.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Top 10 NHI Issues.
A question worth separating out:
Q: Who is accountable when a social fraud campaign uses stolen identity data?
A: Accountability is shared across the platform operator, the organisation that exposed or failed to protect the credentials, and the teams responsible for identity recovery and fraud response. Frameworks such as NIST CSF and NIST SP 800-53 emphasise access control, monitoring, and incident response across the identity lifecycle.
👉 Read our full editorial: WhatsApp scam account bans show how social fraud scales