Incidents

Fake or hijacked Facebook accounts used in scams to steal money are on the raise

Sweden recently experienced a large banking scam where over 1.2 million Swedish kronor (about $177,800) were stolen by infecting the computers of multiple victims. The attackers used a Trojan which was sent to the victims and, once installed, allowed the attackers to gain access to the infected computers. Luckily these guys were caught and sentenced to time in jail, but it took a while to investigate since over 10 people were involved in this scam.

It’s possible that these attacks are no longer as successful as the bad guys would like, because we are now seeing them use other methods to find and exploit new victims. For quite some time now we have seen how hijacked Facebook accounts have been used to lure the friends of whose account has been hijacked to do everything from click on malicious links to transfer money to the cybercriminals’ bank accounts.

Please note that this is not a new scam – it has been out there for quite some time. But what we are now seeing is the use of stolen/hijacked accounts, or fake accounts, becoming very common on Facebook. So common, in fact, that there are companies creating fake accounts and then selling access to them to other cybercriminals. As you might expect, the more friends these accounts have, the more expensive they are, because they can be used to reach more people.

The problem here is not just technical – it’s primarily a social problem. We use Facebook to expand our circle of friends. We can easily have several hundred friends on Facebook, while we in real life we may only have 50. This could be a problem because some of the security and privacy settings in Facebook only apply in your interactions with people who you are not friends with. Your friends, on the other hand, have full access to all the information about you.

We are now warning users of a new scam which is being exploited. The bad guys are using stolen or hijacked accounts to send personal messages to their victims. They pretend to have a problem. For example, they claim to be stuck at an airport and say they need a few hundred kronor for a new ticket home. Or they pretend that their online banking token is broken and they ask to borrow the victim’s token. This sounds pretty trivial, but we have noticed that many people are unaware that a banking token is private and cannot be used for another account.

The idea behind this fraud is pretty simple. It rests on the fact that a large amount of personal information is posted on Facebook. Cybercriminals can easily build up a lot of information about a person. And if they are using a stolen account they can also easily look at the nature of the relationships between one victim and another.

We want all Facebook users to be aware of this, and to think twice before disclosing any information regarding your banking details, or lending out money to people. Here are some easy pointers:

  • Make sure that the person you talk to is really the person you think they are. Maybe call them on their cellphone, or contact relatives to verify if they are actually abroad.
  • Never give out any banking details on the Internet.
  • Don’t add or accept friend requests from people you don’t know.
  • Make sure you have protection against malicious code installed on your computer.
  • Remember to change passwords frequently and use complex, hard-to-guess passwords – use a mixture of letters, numbers and symbols. Also, nd don’t use the same password on Facebook as on other sites: if the password is compromised on one site, it may be used to access your Facebook account.

Fake or hijacked Facebook accounts used in scams to steal money are on the raise

Your email address will not be published. Required fields are marked *

 

Reports

BlindEagle flying high in Latin America

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.

APT trends report Q2 2024

The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity.

Subscribe to our weekly e-mails

The hottest research right in your inbox