Facebook has booted more than 70 cybercrime groups off its platform that were peddling illicit services – from email spamming tools to stolen credentials and payment information sales – in plain sight.
Researchers said a simple search on Facebook for keywords such as “spam” or “CVV,” among others, returned results for a slew of groups offering these illegal services. In total, the groups had approximately 385,000 members – and some had been up on Facebook for as long as eight years, researchers said.
“Over the past several months, Cisco Talos has tracked several groups on Facebook where shady (at best) and illegal (at worst) activities frequently take place,” researchers with Cisco Talos said in a Friday post. “The majority of these groups use fairly obvious group names, including ‘Spam Professional,’ ‘Spammer & Hacker Professional,’ ‘Buy Cvv On THIS SHOP PAYMENT BY BTC 💰💵,’ and ‘Facebook hack (Phishing).’”
Researchers said they have worked with Facebook to take down the majority of malicious groups – but new groups continue to appear, and some are still active today.
Many of the activities on the pages were illegal. For instance, researchers discovered several posts that sold credit card numbers and CVVs – sometimes even with identification documents or photos belonging to the victims.
Other pages featured spammers offering access to email lists, cybercriminals offering services for transferring large amounts of cash, and sales of shell accounts at various organizations, including government. Sellers typically asked for payment in the form of cryptocurrencies, researchers said.
“It’s unclear based on these groups how successful or legitimate some of the users are,” researchers said. “There are often complaints posted by group members who have been scammed by other group members.”
Ironically, when researchers joined some of these groups, Facebook’s algorithm suggested that they join other groups promoting illicit activity under its “Suggested Pages” tab.
“These Groups violated our policies against spam and financial fraud and we removed them,” a Facebook spokesperson told Threatpost. “We know we need to be more vigilant and we’re investing heavily to fight this type of activity.”
Facebook identified the accounts running these Groups and blocked their ability to create new Groups on Facebook going forward. The social media giant is also removing any Pages, Groups and accounts affiliated with these users and is continuing to investigate.
Researchers said that the incident points to an underlying issue on Facebook and other social media platforms: the inability to control and oversee what happens in various posts. Instead, Facebook relies on end users to report abuse on its platform, they said.
“So far, Facebook has apparently relied on these communities to police themselves, which for obvious reasons, these criminal communities are reticent to do,” they said. “As a consequence of this, a substantial number of cyber-scammers have continued to proliferate and profit from illegal activities.”
Facebook is already dealing with misinformation, spam and what it calls “inauthentic behavior” on its platform, and as it continues to crack down on these nefarious accounts, the cybercriminal groups are just another addition to the mix.
Moving forward, social media platforms and end users need a better system allowing them to work together in identifying and removing malicious groups.
“Security teams and vendors must work together to actively share information, take action and inform our customers,” they said. “Businesses need to be diligent about their protection and cyber hygiene efforts. And finally, consumers need to become as informed and skeptical as possible. Attacks like spam prey on the individual as an entry point.”