Skip to Content
Security & privacy

Facebook still a popular place for cybercriminal groups to plot attacks

Facebook has always been a hotbed for fake news, misinformation, conspiracy theories, scam advertisements and hate groups but apparently, it also has a cybercriminal problem.

It turns out, illegal cybercrime services are not only available within the shady underbelly of the dark web — they are also advertised openly and quite brazenly within Facebook groups and pages!

The worse part about this news is this — Facebook is not doing nearly enough to police these groups. Read on and see why these thriving cybercriminal marketplaces within Facebook need to be stopped.

Cybercriminal groups spotted in Facebook yet again

New research from security researchers from Cisco’s Talos shows that Facebook is still a venue for groups that offer questionable services like the selling and trading of stolen credit and card and banking information, account credentials, stolen identities plus spamming and phishing tools.

All in all, Talos was able to compile a list of 74 Facebook groups that peddled a variety of unethical and illegal cybercriminal activities.

Other groups also served as discussion platforms for spamming and phishing tools and techniques. Overall, these groups have amassed around 385,000 members.

Talos noted that anyone with a Facebook account was able to easily locate these groups via a simple search. Keywords like “spam,” “carding,” or “CVV” will often return multiple hits and once joined, Facebook’s algorithms will even suggest similar cybercriminal groups.

Many of these groups were even using obvious names like “Spam Professional,” “Spammer & Hacker Professional,” and “Facebook hack (Phishing).” And shockingly despite these names, some of these groups were able to maintain their Facebook presence for up to eight years.

A thriving cybercrime marketplace

Talos also wrote that many of the activities on the reported Facebook pages were “outright illegal.”

Some were blatantly selling credit card numbers with their CVVs and sometimes identification documents and photos of their original owners were even included.

Image credit: Cisco Talos

Other cybercriminal services spotted include spammers selling access to large email lists, criminals offering money-laundering services, document and ID forgery and the sale of shell accounts at various institutions, including government organizations.

Some of the Facebook sellers apparently acted as middlemen who took a cut of the profits and used PayPal as their preferred payment method, However, almost always, the mode of payment was in the form of cryptocurrencies.

Although there seem to be a lot of complaints that some of the services offered were scams themselves, meaning the promised products weren’t delivered, Talos has verified that some of the peddled spamming tools are indeed authentic.

In one example, a Facebook post in one of these groups offered an ad spamming service that promised to send an Apple phishing email at targeted Hotmail and Yahoo accounts. Talos researchers were then able to locate and verify that same phishing email out in the wild.

Some of these Facebook posts might have been fake, but some were the real deal.

Cybercriminal activity on Facebook is not a new problem

As of this writing, it appears that all of the 74 Facebook cybercriminal groups exposed by the Talos report have been taken down. However, this is not the first time a shakedown of cybercriminal groups has happened on Facebook.

Last year, security blog KrebsOnSecurity forced Facebook to take down around 120 private groups with more than 300,000 members which brazenly promoted a variety of similar illegal cybercriminal activities including account takeovers, spamming, wire fraud, fake tax refunds, denial-of-service attacks, botnet creation and more.

Who will police these Facebook groups?

Based on these repeated occurrences, it looks like cybercriminal groups in Facebook continuously spawn and it’s practically a game of whack-a-mole each time.

The sad fact is that even though social media services like Facebook provide tools that connect people globally, these same tools can also be exploited for nefarious ends.

What’s worse is that even with its moderators and algorithms, it looks like Facebook would rather have its users police their own content.

But as proven time and time again, self-policing is virtually impossible. Instead, social media sites should do a more effective job in proactively protecting their users against harmful content, don’t you think?

For its part, here’s Facebook’s official statement:

“These Groups violated our policies against spam and financial fraud and we removed them. We know we need to be more vigilant and we’re investing heavily to fight this type of activity.”

Hopefully, these changes will come sooner than later.

Ask me your digital question!

Navigating the digital world can be intimidating and sometimes downright daunting. Let me help! Reach out today to ask your digital question. You might even be on my show!

Ask Me