Researchers discover 74 cybercrime groups on Facebook with 385,000 members



[ad_1]

A message from a cybercrime group deleted by Facebook.
Enlarge / A message from a cybercrime group deleted by Facebook.

Add spam, phishing and credit card fraud to the plagues that Facebook encourages. The company is already under the microscope for its role in spreading misinformation promoting white nationalism, conspiracy theories and opposition to life-saving vaccines. A report released on Friday indicates that Facebook is also helping criminals sell various cybercrime services.

In recent months, researchers at Cisco's Talos security group have compiled a list of 74 Facebook groups whose members had promised to carry out various unethical and even illegal activities. Some groups have acted as bazaars for the purchase, sale or exchange of stolen payment card data and pirated account identification information. Others served as a forum for selling spam and phishing tools. In total, approximately 385,000 users were members.

According to the Talos report:

These Facebook groups are pretty easy to locate for anyone with a Facebook account. A simple search for groups containing keywords such as "spam", "carding" or "CVV" usually returns several results. Of course, once one or more of these groups have been reached, Facebook's algorithms often suggest similar groups, making it even easier to find criminal meeting places. Facebook seems to depend on users to report to these groups illegal and illicit activities aimed at reducing abuse.

Talos initially attempted to remove these groups individually through Facebook's abuse reporting feature. While some groups were deleted immediately, other groups only deleted specific messages. Finally, through contact with Facebook's security team, the majority of malicious groups were quickly removed. However, new groups continue to appear and some are still active as of the date of publication. Talos continues to work with Facebook to identify and eliminate as many of these groups as possible.

Craig Williams, Talos' senior technology manager and Global Head of Advocacy, told Ars that on Thursday 74 Facebook groups had been dismantled. But he said that it was quite plausible that new groups pursuing the same illegal and unethical activities had taken their place. In fact, less than two minutes of research on Facebook highlighted groups that seemed to offer the same services. A group called Carding Secured has offered a range of services related to stolen credit card data. Others had names such as Spam Professional, Spammer and Hacker by Z0tlob and Spam 2019, although it was not easy to tell if they violated Facebook's terms of service prohibiting the offering of products or services. illegal services.

Friday's report makes it clear that some of the groups studied by Talos brazenly offered illegal services. A screenshot of a group shows a Facebook user peddling credit card data for as little as $ 7. For cards with protection verified by Visa, the cost was $ 15. Other screenshots show users selling credit card data, including CVV numbers, exposed email addresses in database violations, and services to create fake IDs. Most of the time, sellers look for payments in the form of cryptocurrency.

In many cases, Talos was able to confirm that illegal items or services sold in Facebook groups were being used in actual online crimes. In one message, a Facebook user announced a service that returned Apple-themed phishing emails in the inboxes owned by Hotmail and Yahoo Mail users. The publication contained the following image, illustrating the spammed messages received in one of these inboxes:

Cisco Talos

Talos researchers were then able to locate the same phishing message sent to users in the wild. An analysis showed the attached messages a malicious PDF file claiming to be an invoice for a purchase related to Apple. By clicking a link to view or cancel the order, users are redirected to a phishing website associated with a known phishing kit for Apple users.

Friday's report comes one year after journalist Brian Krebs reported that Facebook has cut nearly 120 groups of more than 300,000 members. Krebs had provided documentation showing that they were promoting a host of illicit activities on the social media network platform. Williams, Talos's head of external communications, said Facebook was facing a tough battle to rid its platform of cybercrime groups.

"These users are dedicated to Facebook," he said in an interview. "It's a bit like trying to kill cockroaches. If you kill 10, there are probably 20 more.

A spokesman for Facebook said: "These groups have violated our policies against spam and financial fraud and we have removed them. We know that we need to be more vigilant and invest heavily to fight this type of activity. "

On bottom, the spokesman said that Facebook's employees had removed the groups after confirming Talos's findings. Employees also identified users running deleted groups and blocked their ability to create new Facebook groups in the future. Facebook said that 30,000 people worldwide were working on safety and security, three times more than in 2017. They use a combination of user reports, technologies, and human analytics to apply policies.

[ad_2]

Source link