What Are Closed Groups and How Are Bad Actors Using Closed Groups for eCrime?

by | Mar 16, 2023 | Blog, Trust and Safety

The internet has changed the way we communicate and interact with each other, particularly when it comes to connecting with people through social media and alternative platforms. Most users are passively aware of the difference between open and private/closed groups, and you yourself may be part of several. In this blog, we will establish the difference between closed and open groups and how closed groups are being leveraged for potentially criminal activities.

Introduction to Online Groups

An overwhelming variety of online networks and social groups are available today and people are using a mixture of traditional open groups and private/closed groups in order to find and connect with friends and business circles.

Due to their popularity, established framework, and user base – bad actors and criminals are also leveraging these established platforms to ease the process/operations of committing fraud, abuse, and other e-crimes. Social platforms and forums are easy places to find like-minded individuals and collaborate in public or in private.

The primary differentiator between an open group and a closed one is its level of security and privacy protection. Closed online groups offer members a safe space where they can communicate freely without fear of judgment or public scrutiny.

What is a Closed Group?

A closed group, also referred to as a restricted online community, is a group that requires an invitation or approval from a moderator to join. A creator or administrator may choose to use a closed group for a variety of reasons. They may simply want to keep out spam members or trolls, or they may want to create a more intimate community. Usually, closed groups will have fewer members than open groups.

Closed groups offer more privacy and greater control over who can view the information shared within the group. Additionally, because membership requirements are usually more stringent compared to open online communities, this also helps to attract like-minded people with similar interests or backgrounds. This makes it easier for people to find support within their own network rather than having to search through vast open forums with users from all walks of life.

In order to join most closed online groups, users must first apply for membership which typically involves providing personal information such as name, email address, location, etc., so administrators can verify their authenticity before granting access. This process creates a layer of protection by verifying each member’s identity and ensuring only those with permission are allowed in.

What is an Open Group?

An open or public group is one that anyone can join and/or read content on. Each platform is different in terms of how much they allow users to view without an account. For instance, you can read open group posts on Reddit or Quora without an account, or you can sign up for an account to read answers to questions on forums. Open groups don’t require an invitation or approval from an administrator to join. The upside of these groups is that they can foster discussion and create a community without any barriers to entry. The downside is that they are more susceptible to spam and trolling.

Useful Features of Closed Groups

The creators of online platforms provide closed groups because they offer a variety of benefits to users. Here are a few that cybercriminal abuse for their own gain:

Improved Communication

Since members of closed groups have to be vetted and approved, communication within these groups tends to be more open and honest. There are fewer concerns about what others will think or say because everyone in the group has something in common. This improved communication can lead to better decision-making, more focused discussions, and better problem-solving.

This communication channel is also beneficial for consolidating discussions in an accessible online environment. Users can simply log in and see historical information or connect through direct messages, keeping other personal affairs from intermingling.

Quality Control

Depending on the platform, a closed group may require moderator approval. This is another benefit that protects the group at large from junk or incendiary contributions. Generally, closed groups will have stricter controls around spammers and since members are evaluated and then admitted, it helps set a standard around authentic and high-quality content.

Since closed groups can allow moderators to control content visibility, they can also lead to increased productivity because members are not wasting time sifting through low-quality content or content that is not relevant to their objectives or interests.

Community and Belonging

Closed groups tend to foster a sense of community because members feel safe to share and engage, knowing that sharing their common interests won’t be seen as weird. In short, if you’re part of the group, you’re less likely to be emotionally rejected. As humans, that’s important.

From a platform perspective, Community Standards and Policies are established to keep users safe, but criminals are still pervasive in their efforts around terrorism and disinformation. Check out this interesting research performed by the Carnegie Endowment for International Peace for more information about platform policies and how they’re working to keep people safe.

For threat actors, community is also important because it can help inspire or instigate action. Group think and/or a false consensus is helpful for recruiting and assembling around a cause. People within these groups may manipulate others into actions that might in other contexts seem out of bounds.

Conversely to the positives, it should be noted that harassment is a serious problem that can occur in both open and closed online groups. People who participate in closed groups online may feel more emboldened to harass and intimidate other members due to the anonymity provided by these restricted communities.


One of the most important benefits of a closed online group is privacy. When the group is closed and only certain people have access to the information shared, members can rest assured knowing that only those who are supposed to have access to their information will be able to see it. For most users, this feature can be used for something as harmless as asking medical questions that they don’t want work colleagues, friends, or family to see.

For criminals, privacy, and sometimes anonymity within groups, helps keep nefarious operations under the radar.

Common Crimes Planned in Closed Groups

Unfortunately, due to the increased security measures as compared to open online communities closed groups provide a safe place for crimes to be planned. Even with trust and safety teams working on large platforms, criminals are relentless and will quickly spin up and down groups to enable their operations. Multiple groups, as well as anonymity, allow them to work together without detection by authorities.

One type of cybercrime that occurs in closed online groups is online fraud. This includes scams, phishing schemes, identity theft, and money laundering. Additionally, fraudulent activity can also take place within the group itself if users are not careful about who they give access to their personal accounts or information – contributing to information leakage.

Here are common social media exploitation techniques used in both closed and open groups by criminals.

Outside-In Perspectives

Closed groups serve as a breeding ground for criminality as threat actors can communicate and collaborate away from public view. Monitoring closed groups makes it possible to identify threats in the planning phases, accelerate the identification of insider threats, and keep closer tabs on brand sentiment. This helps to provide an early warning system for security teams.

Developing intelligence from closed groups provides unique visibility into the narrative around your brand and an outside-in perspective of emerging risks. That said, gaining access to closed groups requires the right tools and tradecraft. When appropriate, threat hunting and attribution can help stop threat actors from profiting off your platform and/or creating an unsafe environment for your general users.

We encourage each user of a group to make sure their security measures are updated and current and that they are taking preventative measures to ensure their personal information is protected. It is prudent to always think before exchanging information with unknown individuals or engaging in any kind of online activity, even if the group seems safe. By exercising caution when sharing online, users can greatly reduce their chances of becoming victims of cybercrime while still enjoying the benefits offered by participating in an online closed group environment.

Interested in learning more about our outside-in approach? Learn about Nisos’ Threat Landscape Assessment.

If you’d like to learn more about how social networks are being used for committing crimes, check out this comprehensive research study published by Elsevier.

About Nisos®

Nisos is The Managed Intelligence Company®. Our services enable security, intelligence, and trust and safety teams to leverage a world-class intelligence capability tailored to their needs. We fuse robust data collection with a deep understanding of the adversarial mindset delivering smarter defense and more effective response against advanced cyber attacks, disinformation, and abuse of digital platforms.