Step into the murky, grey market of social media ad account rentals to see one of the newest forms of malicious brand impersonation.

These account creators often assist their buyers with fake KYC verification tools that are capable of generating high quality verification documents and often suggest using them to the buyers. In this case, the researchers at PreCrime Labs identified a domain that offers a service to generate fake documents and verify whether the generated ID is a duplicate or has distinctive similarities to avoid any detections.

Other examples might include accounts promoting cryptocurrency coins, fake e-commerce shops built to leverage approaching significant cultural events or seasonal shopping sales, or promotion of third party tools and applications hidden as malware.

These rented accounts are disposable in nature and the next one is arranged at their fingertips in no time, helping them to quickly keep the accounts rotating and the advertisements ongoing.

It all starts with service providers who can be found on various cybercrime platforms such as Telegram, forums, and blackhat SEO-based chat groups. The related discussions are often found under the SEO sections of cybercrime forum markets, where one will quickly realize there are just as many malicious options available as there are legitimate ones.

Renting social media ad accounts is no longer just a niche crime. These malicious ad accounts are full-fledged supply chain scams with ecosystems spanning from the open web to the dark web forums. From forged KYC documents to Telegram marketplaces and offshore hosting, every layer of this underground ecosystem is designed to exploit the ads feature. While social media platforms can do more to combat this problem, the responsibility to counter this doesn’t fall on the platforms alone. With vigilance at every level, from the enterprise to the end user, we can collectively disrupt this gray economy before it further reaches victims.