Hackers Advertise Stolen Personal Data On Facebook

Uploaded on 2018-04-26 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY-Key Areas-Social Media

Criminals are using hundreds of groups on Facebook to advertise stolen credit card details, cyber-attacks and logins for hacked Amazon and Netflix accounts.

Brian Krebs, a security researcher, identified nearly 120 groups apparently dedicated to fraud, hacking and money laundering, activities normally associated with the “dark web”. The groups had more than 300,000 members and had been on Facebook for an average of two years, although some had been active for nine years.

Most of the groups advertised their intent by using terms associated with criminal activity in their names, such as “carding” (credit card fraud), “tax refund fraud”, “account takeovers” and DDoS (distributed denial of service attack), a form of cyber-attack.

Facebook has previously been criticised for hosting terrorist content and forums for paedophiles. Critics say that the company should use the same artificial intelligence tools it uses to screen for child abusers to identify other posts that promote illegal acts.

The biggest category of groups identified by Mr Krebs promoted the sale of stolen credit and debit card details.

The next largest offered automated methods for accessing user accounts of services such as Amazon, Netflix and PayPal using logins for other websites obtained from previous data breaches.

Facebook took down the groups after they were reported by Mr Krebs as a security researcher. When he previously reported them anonymously, however, the company said that they did not break its rules.
 
A member of one group advertised fraudulent websites for HMRC and UK banks that scammers could use to steal account details.

The groups identified by Mr Krebs were private groups, meaning members must be approved by moderators. However, some groups advertising the same services are public.

Yvette Cooper, chairwoman of the UK Parliamentary Home Affairs select committee, said: “This is yet more troubling evidence that social media companies like Facebook are not doing nearly enough to deal with illegal activity on their platforms.” She said that the committee would look at the issue as part of its inquiry into online crime and safety.

Facebook’s community standards prohibit the promotion or sale of illegal goods or services. The company said that once violations were reported its teams would review and remove the offending groups or posts. A spokesman added: “As technology improves, we will continue to look carefully at other ways to use automation.”

The Times

You Might Also Read:

Eight Reasons Why Facebook Has Peaked:

Millions Of Compromised Accounts Discovered On The Dark Web:

 

« DNA Data Storage Moves Closer To Becoming Reality
Cambridge Analytica Planned To Issue Digital Currency »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ComSec LLC

ComSec LLC

ComSec perform threat assessments to identify vulnerabilities and help protect businesses against corporate espionage via electronic eavesdropping.

Virtual Security

Virtual Security

Virtual Security provides solutions in the field of managed security services, network security, secure remote work, responsible internet, application security, encryption, BYOD and compliance.

CloudLayar

CloudLayar

CloudLayar is a cloud-based website firewall for protecting your website against online threats.

Gate 15

Gate 15

Gate 15 provide risk management services focusing primarily on information, intelligence and threat analysis, operational support and preparedness.

CommuniTake

CommuniTake

CommuniTake builds security, enablement, and management solutions to provide people and organizations with better, and more secure mobile device use.

ClearBlade

ClearBlade

ClearBlade is the Edge Computing software company enabling enterprises to rapidly engineer and run secure, real-time, scalable IoT applications.

Seekurity

Seekurity

Seekurity is an information security consulting firm specialized in all areas of Cyber Security including Penetration Testing, Vulnerability Assessments and Risk Management.

Kocho

Kocho

Kocho (formerly TiG) is a provider of identity and access, cyber security, cloud transformation, and managed IT services.

Nassec

Nassec

Nassec is a Cyber Security firm dedicated to providing the best vulnerability management solutions. We offer tailor-made cyber security solutions based upon your requirements and nature of business.

European Union Agency for Network and Information Security (ENISA)

European Union Agency for Network and Information Security (ENISA)

The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe.

Threatsys Technologies

Threatsys Technologies

Threatsys’s Integrated cyber security process helps your organizations to ensure that it’s secure from any fraudulent attacks.

Salus Cyber

Salus Cyber

Salus is a provider of world-class cyber security services, enabling our clients to identify and manage their cyber risks proactively and effectively.

Prompt Security

Prompt Security

Prompt Security provides an LLM agnostic approach to ensure security, data privacy and safety across all aspects of Generative AI.

Trustack

Trustack

Trustack services cover connectivity, infrastructure services, security, unified comms, agile working and more. Our team of consultants deliver customised solutions tailored to your needs.

ITButler e-Services

ITButler e-Services

At IT Butler, our mission is crystal clear: we are dedicated to providing top-tier cybersecurity solutions and best-practice methodologies to secure and enhance your digital infrastructure’s resilienc

Silicon Valley Cybersecurity Institute (SVCSI)

Silicon Valley Cybersecurity Institute (SVCSI)

SVCSI aims to investigate, develop, and promote technical excellence and the best security practices for dependable and secure systems and applications.