Hackers Advertise Stolen Personal Data On Facebook

Uploaded on 2018-04-26 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY-Key Areas-Social Media

Criminals are using hundreds of groups on Facebook to advertise stolen credit card details, cyber-attacks and logins for hacked Amazon and Netflix accounts.

Brian Krebs, a security researcher, identified nearly 120 groups apparently dedicated to fraud, hacking and money laundering, activities normally associated with the “dark web”. The groups had more than 300,000 members and had been on Facebook for an average of two years, although some had been active for nine years.

Most of the groups advertised their intent by using terms associated with criminal activity in their names, such as “carding” (credit card fraud), “tax refund fraud”, “account takeovers” and DDoS (distributed denial of service attack), a form of cyber-attack.

Facebook has previously been criticised for hosting terrorist content and forums for paedophiles. Critics say that the company should use the same artificial intelligence tools it uses to screen for child abusers to identify other posts that promote illegal acts.

The biggest category of groups identified by Mr Krebs promoted the sale of stolen credit and debit card details.

The next largest offered automated methods for accessing user accounts of services such as Amazon, Netflix and PayPal using logins for other websites obtained from previous data breaches.

Facebook took down the groups after they were reported by Mr Krebs as a security researcher. When he previously reported them anonymously, however, the company said that they did not break its rules.
 
A member of one group advertised fraudulent websites for HMRC and UK banks that scammers could use to steal account details.

The groups identified by Mr Krebs were private groups, meaning members must be approved by moderators. However, some groups advertising the same services are public.

Yvette Cooper, chairwoman of the UK Parliamentary Home Affairs select committee, said: “This is yet more troubling evidence that social media companies like Facebook are not doing nearly enough to deal with illegal activity on their platforms.” She said that the committee would look at the issue as part of its inquiry into online crime and safety.

Facebook’s community standards prohibit the promotion or sale of illegal goods or services. The company said that once violations were reported its teams would review and remove the offending groups or posts. A spokesman added: “As technology improves, we will continue to look carefully at other ways to use automation.”

The Times

You Might Also Read:

Eight Reasons Why Facebook Has Peaked:

Millions Of Compromised Accounts Discovered On The Dark Web:

 

« DNA Data Storage Moves Closer To Becoming Reality
Cambridge Analytica Planned To Issue Digital Currency »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

SecureWorks

SecureWorks

SecureWorks provides intelligence-driven security solutions for organizations to prevent, detect, rapidly respond and predict cyberattacks.

LogicManager

LogicManager

LogicManager offer a complete set of IT governance, risk and compliance software solutions and advisory services.

Inogesis

Inogesis

Inogesis helps blue-chip organisations harness disruptive technologies and thinking to drive new revenues or overcome challenges by connecting them with dynamic small companies.

RedShield Security

RedShield Security

RedShield is the world's first web application shielding-with-a-service company.

Aricoma

Aricoma

Aricoma are Architects of Digital. We aim to become a major player in end-to-end IT services and digital transformation in Europe.

Nuspire

Nuspire

Nuspire provide services to protect your network with best-in-class managed detection and response, allowing you to stay focused on managing your business.

Zero Networks

Zero Networks

With Zero Network, you can achieve affordable, airtight network access security at scale.

FraudLabs Pro

FraudLabs Pro

FraudLabs Pro detects fraud and helps merchants to reduce e-commerce chargebacks by identifying high risk transactions.

Cyber Range Solutions (CRS)

Cyber Range Solutions (CRS)

CRS provides cyber security training and improve security team performance by providing a hyper realistic, virtual training environment.

Amnesty Tech

Amnesty Tech

Amnesty Tech's Security Lab leads technical investigations into cyber-attacks against civil society and provides critical support when individuals face such attacks.

HALOCK Security Labs

HALOCK Security Labs

HALOCK is an information security consultancy providing both strategic and technical security offerings.

Trusted Security Solutions (TSS)

Trusted Security Solutions (TSS)

TSS are specialist in IT Security and providing Cybersecurity Solutions & Services combined with storage and backup.

Threat Con

Threat Con

Threat Con is a one of its kind event in Nepal, a series of annual international security conventions similar to the famous Black Hat and DEF CON conferences.

Fortress SRM

Fortress SRM

Fortress SRM protects companies from the financial, operational, and emotional trauma of cybercrime by improving the security performance of its people, processes, and technology.

Hiya

Hiya

Hiya's mission is to secure voice with trust, identity and intelligence. We're protecting people from spam and fraud calls, and helping carriers secure their networks for all.

CyPro

CyPro

CyPro is a cyber security expert firm that specialises in providing cyber security services tailored for high-growth companies at every stage of their journey.