Social media giants have been told to take tougher action against scammers selling people's personal details through their platforms following an investigation by a consumer rights group.
Which? said it found 50 scam profiles, pages and groups across Facebook, Twitter and Instagram with clear evidence of criminal activity.
Stolen identities, credit card details, compromised Netflix and Uber Eats accounts and fake passports made to order were among the content it found on offer from fraudsters, using simple search terms.
In one Facebook group, researchers were alarmed to discover the personal details of a man in Yorkshire which had been live for four months, including details such as his full name, date of birth, address and mobile number, alongside complete financial information for his credit card.
Which? claims Facebook initially failed to remove the post after it was reported to them, saying it "doesn't go against one of our specific community standards".
Facebook eventually rectified its decision on the post, but the group remained.
On Twitter, one fraudster offered to sell full credit card details of someone with a bank balance of more than £13,000 for £100, or three sets of card details for £200.
Another offered a fake passport for £3,000.
On Instagram, Which? found accounts detailing price lists for services to acquire full identities, as well as "fraud bibles" to help novice hackers.
Which? Money editor Jenny Ross said: "It's astonishing that social media sites make it so easy for criminals to trade people's personal and financial information, particularly as fraud is such a prevalent crime that can have devastating consequences.
"Social media firms must take much stronger action to prevent their sites becoming a safe haven for scammers, and should work with the financial industry and police to address serious flaws with their platforms."
All 50 of the groups, pages and profiles were reported to their respective social media platforms, but only some were addressed on Facebook, while none were removed on Instagram and Twitter, Which? said.
Facebook - which also owns Instagram - responded, saying: "Fraudulent activity is not tolerated on our platforms, and we have removed the groups and profiles flagged to us by Which? Money for violating our policies.
"We continue to invest in people and technology to identify and remove fraudulent content, and we urge people to report any suspicious content to us so we can take action."
Twitter said: "It is against our rules to use scam tactics on Twitter to obtainmoney or private financial information.
"Where we identify violations of our rules, we take robust enforcement action.
"We're constantly adapting to bad actors' evolving methods, and will continue to iterate and improve upon our policies as the industry evolves."
Katy Worobec, managing director of economic crime at UK Finance, said every part of society including social media companies "must play their part" in preventing this kind of activity.
"Criminal gangs are continuing to exploit social media platforms to commit fraud, whether it's selling stolen identity and card data, recruiting 'money mules' or targeting the public with coronavirus scams," she explained.
"Banks are taking action on all fronts to protect customers from fraud, including working closely with law enforcement to identify and take down fraudulent activity on social media where possible.
"But we cannot win this fight alone. Every part of society including social media companies must play their part in protecting innocent victims and preventing money getting into the hands of criminals."
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules here