Thousands of fake Facebook profiles could be trying to steal your data

A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
(Image credit: weerapatkiatdumrong / Getty Images)

Experts have warned of an ongoing cybercriminal campaign leveraging thousands of fake Facebook accounts and phishing pages in an attempt to obtain login data to financial service platform accounts belonging to public figures, celebrities, businesses, and sports teams.

Cybersecurity researchers from Group-IB’s Digital Risk Protection (DRP) team claim to have identified more than 3,200 fake Facebook accounts, some of which are impersonating Facebook and its parent company, Meta. 

Through these accounts, the attackers would target legitimate users of the social platform to try and get them to visit fraudulent Facebook login pages.

Targeting the English-speaking community

There, they’d get them to enter their login credentials, and effectively grant them access to their accounts. The premise is that many people use the same username/password combination across a wide variety of accounts and that their Facebook login credentials might work on more serious platforms, such as financial services. 

While the campaign is active in more than 20 languages, Group-IB experts are saying, the majority of the profiles impersonating Meta are speaking English. 

“The scammers impersonate Meta, Facebook’s parent company, in their public posts and on any of their more than 220 phishing sites,” Group-IB researchers Sharef Hlal and Karam Chatra wrote. 

“They appropriate Meta and Facebook’s official logos on their social media profiles and phishing web pages to make them appear legitimate and trustworthy in the eyes of users. These fake profiles have nothing to do with Facebook, and they are frequently taken down quickly by the social network.”

Phishing, especially when paired with identity theft, is a major threat to the online security of both consumers, and businesses. It’s vital IT teams educate their employees on how to spot fake accounts and fake login pages. The easiest way to spot a phishing page is in the address bar - if the address isn’t - it’s most likely a scam. 

Via: Infosecurity Magazine

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.