Truth Social, the social media platform launched by the Trump Media & Technology Group (TMTG) in 2022, has become a hotspot for various online scams, including phishing schemes and investment fraud, according to a recent analysis by security researchers.

Large Groups, Large Risks

Netcraft investigators reported receiving over 30 scam messages within just a few hours of creating a single account on Truth Social. The platform’s structure, which encourages users to join interest-based groups, has made it easier for scammers to target victims at scale. Some of these groups have over 100,000 members.

Among the prevalent scams identified are advance fee fraud schemes, in which victims are tricked into sending money upfront, with scammers requesting amounts ranging from $250 to as much as $1,000.

Romance and investment scams are also widespread. For example, in a common crypto investment scam, fraudsters build trust before convincing victims to invest in fake platforms.

The report also highlights the activity of a Central European, French-speaking threat actor who uses multiple Truth Social accounts to distribute phishing links. These phishing campaigns impersonate major brands like Spotify, Netflix and Disney+ to steal users’ login credentials and financial information. Since March 2024, this actor has reportedly posted over 500 phishing messages using seven different accounts on the platform.

A typical phishing attack involves sending lure emails claiming a subscription has expired, prompting the victim to click a link that redirects through Truth Social to a fake login page. Victims who enter their details often have their bank information compromised.

A Growing Threat

The Federal Trade Commission (FTC) has recently reported that scams originating on social media have led to $2.7bn in reported losses since 2021, emphasizing the growing threat of such platforms being exploited by cybercriminals.

Security researchers emphasize the need for heightened vigilance and proactive measures from both users and platform operators to curb these malicious activities. This includes better user education on identifying scams, stricter content moderation policies and the use of advanced detection technologies to identify and remove threats more effectively.