#28 - I used to stalk people on Facebook (legally)

In 2009, I started my fraud prevention journey when I joined PayPal as a fraud analyst.

Back then we had this saying: “Good people leave tracks”.

The idea was simple: fraudsters would try to cover their own tracks. They’ll use fake identities, sign up with disposable emails, delete browser cookies, and so on.

Either way, the identities they use would usually appear as brand new.

Legitimate customers, however, never bother with cleaning the bread crumbs they leave behind.

Back in 2009 when we reviewed fraud cases, it mainly meant that we stalked people on Facebook.

And boy, was I good at it.

One day, a colleague was reviewing a case she couldn’t decide on:

The account and card were American, but the IP came from Vietnam, a known fraudsters’ hub.

The Facebook page linked to the account’s email had nothing on it - no geotags on recent pictures, no status updates about traveling there, no liked pages that referred to the item purchased.

But there was one thing that caught my eye: the profile picture showed the person standing in front of a colonial-looking villa, surrounded by what looked to me like tropical vegetation.

I happened to backpack through Vietnam just a few years earlier, and I got strong vibes that the picture might have been taken there.

So I searched for “colonial building vietnam” in Google Images (that was before you could reverse search an image), and lo and behold, the very same building popped up immediately.

That’s how we knew the account holder was indeed traveling in Vietnam, and we decided to approve the purchase. It only took a minute.

Why am I telling you this story?

Firstly, to brag of course.

Secondly, I bet you cringed reading it.

Not because you suddenly remembered writing public statuses on your Facebook “wall” (that too…), but likely because you remembered how easy it once was to violate someone's privacy.

And if you forgot or weren’t around then, here’s ​an article from 2008 that shows exactly what you could do on Facebook​. Just be prepared for your skin to crawl.

Privacy awareness has changed fraud prevention tactics

In 2025, people are more aware of the dangers of over-sharing private information on social media.

But even more so, the regulatory environment has also changed, and so did the privacy settings platforms like Facebook enforce, especially on default.

As a private person and a parent, I’m glad to see these changes.

But as a fraud professional, that makes my job harder. Nowadays, it’s much harder to find those same bread crumbs good users leave behind.

Some would argue that you still have very similar capabilities today.

There are plenty of vendors out there who collect identity information, including which online services you subscribe to.

You can still use Google search and the limited search functionality the different SM platforms offer.

Lately, we’ve also seen how ​GenAI tools make OSINT analysis easy and fast​.

And of course, you can be even more creative than that. For example, collecting breached identity datasets is useful in extending the “history” of identities that are new to your business.

All these are great, but privacy settings will still limit your reach.

This mainly restricts our access to the behavior and social network of the user. Think about it:

Knowing where they are right now can remove suspicion of fraud in cases of geo mismatch.

Knowing what they like to do for fun can show direct relation to a purchase made.

Knowing who their close friends are can shed light on that suspicious P2P transfer.

Today, it all sounds cringeworthy.

But back in 2009 it was our secret weapon in fighting fraud.

Is privacy really obstructing us from fighting fraud?

There’s another way to look at how our culture evolved around privacy concerns.

And that has to do with the rise of scams as the prominent fraud threat of our day.

Just imagine what scammers and con artists could achieve if we had the same level of data security as 20 years ago.

Now that could make your skin crawl.

As fraud fighters, we tend to complain about privacy regulations and how they stand in our way to implement effective fraud prevention solutions.

But maybe it’s the other way around.

Maybe they give us a fighting chance…

Have questions or feedback? Reply to this email, I read all messages.

In the meantime, that’s all for this week.

See you next Saturday.

P.S. If you feel like you're running out of time and need some expert advice with getting your fraud strategy on track, here's how I can help you:

Free Discovery Call - Unsure where to start or have a specific need? Schedule a 15-min call with me to assess if and how I can be of value.
​Schedule a Discovery Call Now »​

Consultation Call - Need expert advice on fraud? Meet with me for a 1-hour consultation call to gain the clarity you need. Guaranteed.
​Book a Consultation Call Now »​

Fraud Strategy Action Plan - Is your Fintech struggling with balancing fraud prevention and growth? Are you thinking about adding new fraud vendors or even offering your own fraud product? Sign up for this 2-week program to get your tailored, high-ROI fraud strategy action plan so that you know exactly what to do next. ​
Sign-up Now »

Enjoyed this and want to read more? Sign up to my newsletter to get fresh, practical insights weekly!