Hackers Are Selling Your Social Media Data

Uploaded on 2020-05-05 in TECHNOLOGY-Key Areas-Social Media, TECHNOLOGY--Hackers, FREE TO VIEW

Social media companies are failing to clamp down on scammers selling people's personal details through their platforms, an investigation from consumer watchdog Which? has shown. It found 50 profiles, pages and groups on Facebook, Twitter and Instagram offering stolen credit-card details, and Netflix and Uber Eats accounts. Much of the content had remained on the platforms after being reported.
 
Facebook is a magnet for cyber criminals who see its nearly 1.6 billion monthly active users as 1.6 billion tempting targets and Facebook scams are the most common online attack method, according to the 2016 edition of technology firm Cisco’s Annual Security Report, with 33,681,000 examples identified by the company’s researchers, just ahead of JavaScript attacks in its malware chart.
 
Another point raised by the Report says, ‘In the post–Edward Snowden era, the geopolitical landscape for Internet governance has changed dramatically.... There is now pervasive uncertainty surrounding the free flow of information across borders. The landmark case brought by the Austrian privacy activist Max Schrems against the social networking giant Facebook had perhaps the biggest impact, leading the Court of Justice of the European Union (CJEU) to overturn the US Safe Harbor Agreement on October 6, 2015.’ 
 
Which? carried out an investigation before the coronavirus lockdown and found one Facebook post revealing a Yorkshire man's: full name, date of birth, address, mobile phone number, credit-card number, security code and expiry data and his bank name and sort code. According to Which? the post had been live for four months.
 
Only after Which? had requested a review of that decision had the post been removed - and, even then, the group in which it had been posted had remained active. In response, Facebook, which also owns Instagram, told the BBC that it had now acted to take down all the content.
 
 
Scam Tactics
On Twitter, investigators found fraudsters offering: 
  • the full credit-card details of someone with a "£13,000 plus balance" for £100 - or three sets of card details for £200
  • a fake passport for £3,000
  • Which? said it had found the content simply by searching for slang terms for fraud.
Twitter's algorithms had then even suggested similar accounts via its "Who to follow" section. Twitter said it was against its rules "to use scam tactics to obtain money or private financial information....here we identify violations of our rules, we take robust enforcement action," it said.
 
A Which? spokes is reported  to have said  "It's astonishing that social media sites make it so easy for criminals to trade people's personal and financial information, particularly as fraud is such a prevalent crime that can have devastating consequences." and Which? has called on Facebook and Twitter "to take stronger action to prevent their sites becoming a safe haven for scammers" and "work with the financial industry and police to address serious flaws with their platforms".
 
As Facebook and Twitter evolve so do the cyber criminals and this process will not stop and so your cyber security is very important for saving your information and money.
 
Which?:     Cisco:           Microsoft:           BBC:      Guardian
 
You Might Also Read: 
 
Millions of Facebook Profiles For Sale:
 
 
 
 
 
 
 
 
« The Impact Of Artificial Intelligence On Cyber Security
Microsoft Eliminates Cyber Attack Flaws »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

RISA

RISA

RISA solutions help to secure networks, improve overall network security, and achieve government regulatory compliance.

Talend

Talend

Talend is a leader in cloud and big data integration software. Applications include Risk and Compliance management.

OneLogin

OneLogin

OneLogin simplifies identity management with secure, one-click access,for employees, customers and partners, through all device types, to all enterprise cloud and on-premise applications.

HUB International

HUB International

HUB is one of the largest insurance brokers in the world. HUB Risk Services provides the full range of expert consulting to identify risks, reduce exposure to loss and manage claims issues.

Sucuri

Sucuri

Sucuri have offered holistic website security solutions since 2008 including malware removal, malware monitoring and website protection services.

Deep Identity

Deep Identity

Deep Identity is a boutique system integrator, with expertise in tailored identity governance & administration (IGA) and identity access management (IAM) solutions.

ThreatHunter.ai

ThreatHunter.ai

ThreatHunter.ai (formerly Milton Security) is a business that tracks down and mitigates attacks in real time using our ARGOS Platform and our Elite Threat Hunters.

Sopra Steria

Sopra Steria

Sopra Steria is a leading European information technology consultancy.

Atomicorp

Atomicorp

Atomicorp, the leader in Secure Linux, is a developer of solutions for the protection and support of cloud, virtual, shared, and dedicated web hosting environments.

Cologix

Cologix

Cologix provides reliable, secure, scalable data center and interconnection solutions from 24 prime interconnection locations across 9 strategic North American edge markets.

Blockchain Slovakia

Blockchain Slovakia

Blockchain Slovakia is a non-profit organization that brings together researchers, developers, entrepreneurs, regulators, investors and the public to support blockchain technology in Slovakia.

Fortra

Fortra

Fortra (formerly HelpSystems) is your cybersecurity ally, unified through the mission of providing solutions to organizations' seemingly unsolvable cybersecurity problems.

DataProtect

DataProtect

DataProtect is a specialized information security company providing consultancy, information management, integration and training services.

Araxxe

Araxxe

Araxxe delivers Revenue Assurance, End-to-End Billing Verification and Interconnect Fraud Detection solutions to communication companies worldwide.

ABS Group

ABS Group

ABS Group provides risk and reliability solutions and technical services that help clients confirm the safety, integrity and security of critical assets and operations.

Cyber Security Operations Consulting (CyberSecOp)

Cyber Security Operations Consulting (CyberSecOp)

CyberSecOp is an ISO 27001 Certified Organization which provides cyber security operations services and risk management consulting.