
#30: Passwordless Defaults, Meta's Scam Problem, and the Rise of In-Game Fraud
From big tech finally ditching passwords to lagging scam moderation on social platforms and a timely look at fraud targeting kids through games, this week’s headlines are a reminder: fraud doesn’t slow down just because the systems it's exploiting are widely adopted.
Let’s get into it.
NATE'S TAKE - MAY 6, 2025
Top Three This Week
- Microsoft Accounts Will Be Passwordless by Default Starting This Summer
- Meta Is the Slowest at Removing Scam Content, Says UK Regulator
- Scams in Online Games Are Rising—Just as Kids Log On for Summer
1. Microsoft Accounts Will Be Passwordless by Default Starting This Summer

Microsoft has announced that new personal accounts will be passwordless by default starting this summer. Instead of setting a password, users will choose from alternative sign-in options like passkeys, the Microsoft Authenticator app, or biometrics.
The goal is to move away from passwords entirely, given their role in breaches and account takeovers. Microsoft says more than 10 million password attacks happen on its services every day, and most of them succeed because users reuse passwords or rely on weak ones.
This move is the latest sign that passwords are being phased out in favor of cryptographic alternatives that are more resistant to phishing and credential stuffing attacks. As we covered in FIF26, identity remains one of the most exploited surfaces in modern fraud—so eliminating weak entry points is a step in the right direction.
Still, passwordless logins aren’t immune to fraud. SIM swaps, account recovery abuse, and social engineering will continue to test how secure these systems really are.
2. Meta Is the Slowest at Removing Scam Content, Says UK Regulator

According to a new report by the UK’s Financial Conduct Authority (FCA), Meta takes longer than any other major platform to remove scam content—despite receiving more reports of financial scams than its competitors.
The FCA worked with several large tech platforms and found that Meta was the slowest to respond to scam reports and among the least proactive in taking down scam ads and posts. The regulator also noted that Google was significantly faster and more responsive by comparison.
Meta said it’s investing in better detection tools and working with regulators, but the FCA’s findings suggest a disconnect between reporting volumes and enforcement action.
This builds on what we shared in FIF21 and FIF27, where Meta's platforms were repeatedly identified as high-risk environments for romance scams, crypto fraud, and impersonation attacks. When content moderation lags, scammers scale.
For fraud fighters, this is a reminder that platform safety isn’t just about tools—it’s about how fast they’re applied. If enforcement doesn’t move as quickly as abuse, the damage is already done.
3. Scams in Online Games Are Rising—Just as Kids Log On for Summer

A new advisory from Verizon warns that scams targeting kids inside online games are increasing, with fraudsters using gaming chats, friend requests, and in-game rewards to manipulate younger players.
The most common tactics include:
- Phishing links shared in chats, pretending to offer free currency or upgrades
- Social engineering, where scammers befriend kids to extract personal info
- Impersonation scams, where attackers pose as game support or friends to trick users into giving up access
The timing is important. With summer break around the corner, more students will be online, spending time in games and on social platforms where these scams are common.
While parents and caregivers are the primary audience for this guidance, fraud teams at gaming platforms, marketplaces, and digital communities should take note: younger users are vulnerable targets, and the abuse often flies under the radar because it doesn’t always involve direct payments or traditional fraud signals.
As we’ve covered in FIF15, social platforms and gaming environments are becoming primary attack surfaces, not side channels. And with a new wave of younger users logging in this season, now is the time to tighten defenses.
Nate Kharrl, CEO and co-founder at Spec, has built leading solutions for application security and fraud challenges since the early days of the cloud era. Drawing from his cyber experience at Akamai, ThreatMetrix, and eBay, Nate helped found Spec to focus on the needs of businesses operating in a landscape of increasing AI risks. Under Nate’s leadership, Spec grew from its mid-pandemic founding to raise $30M in venture-backed funding to build solutions used by Fortune 500 companies transacting billions in online commerce. Spec’s service offerings today include protective measures for websites and APIs that specialize in defending against attacks designed to bypass bot defenses and risk assessment platforms.