Facebook Scammers Pose As Support Staff On 3,200 Fake Profiles

Global cybersecurity experts Group-IB today published new research into a worldwide phishing campaign carried out on Facebook by cybercriminals impersonating Meta (Facebook’s parent company) support staff.

Between February and March 2023, Group-IB researchers based in Dubai identified over 3,200 Facebook profiles falsely claiming to be written by Meta support staff in over 20 languages. Upon discovering the scammers’ accounts, Group-IB’s Computer Emergency Response Team shared information with Facebook, which it must be noted had already deleted some of the offending profiles.

The cybercriminals’ goal was to hack the Facebook accounts of public figures and celebrities, businesses, sports teams, and individual accounts. As part of the elaborate scam, cookie data, and session hijacking were employed, though the criminals mostly used traditional phishing techniques to trick people into voluntarily entering email and password information.

Group-IB researchers began tracking this widespread scam in February 2023. As well as 3,200 fake Facebook profiles containing scam posts, the cybersecurity experts also discovered 220 websites intended to trick users into parting with their data.

The Details Of The Scam

This Facebook scammers used social engineering techniques to trick users into thinking their accounts were marked for suspension due to copyright violations. If victims attempted to verify their profile to prevent it from being blocked, they would be taken to a phishing website, where they were presented with a page that contained official-looking Meta or Facebook branding.

Also Read: Filmmaker Uses AI To Visualize Thousands Of Leaked Passwords

“Cybercriminals can use compromised accounts to launch further phishing attacks. Individuals can suffer legal and reputational damage [and] threat actors could also gain access to the victim’s financial services [and] hold compromised accounts for ransom, demanding payment from the victim for retrieval of the account,” says Sharef Hlal, Head of Group-IB’s Digital Risk Protection Analytics Team.

Group-IB recommends social network users ensure that their passwords are “strong and unique, and that they enable two-factor authentication (2FA) to provide an extra layer of security”. In addition, if you’re ever directed away from official social media platform pages, it’s a good idea to closely check the URL to ensure it’s legitimate.