February 12, 2024

OSINT Strategies to Identify Illegal Businesses on Social Media

This article provides insights and tips on how to better identify illicit businesses online.

The dark web isn't the only place where illicit businesses are online. Many of these shady enterprises operate in the open on social media. While trust and intelligence teams at these companies are constantly investigating all types of activity that violate their terms of service and could pose a threat, there are over two billion users on platforms like Facebook and Instagram, so they don't have the resources and personnel to identify everything that raises red flags.

For example, it wasn't until late 2023 that Facebook got more serious with monitoring Chinese companies on their platform selling precursor chemicals like 4-piperidone, which drug cartels use to manufacture fentanyl. But that hasn't resulted in completely removing this chemical from being sold on the platform, either. In January 2023, an account named Libby Zhang posted about selling piperidone on Facebook.

With various OSINT strategies, we can better identify illicit businesses on social media.

Here are four you can use today.

  1. Run the business reviews through botbusters.ai, a tool from Cyabra that detects AI-generated text and imagery. If most posts come back as written by AI, that's an indicator that could suggest illicit activity. 
  2. The domain tied to the business claims to have served 100s or 1000s of clients on its webpage but was registered within the last few weeks. The age demographic of 65-85 tends to fall for these websites more than most, and it is often tied back to cryptocurrency investment scams.
  3. What type of keywords does the business use when promoting its products? For example businesses on social media that say things like our products are "customs cleared" are often involved in illicit activity.
  4. Monitor the page over an extended period to see what changes. Frequently, businesses involved in illicit activity change their address, point of contact and even the alleged business name that they operate under.

Keep in mind: These are just a few OSINT strategies that somebody can use to identify illicit businesses online. There are many other techniques out there to target this type of activity.

Recent Articles