Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Thousands of fake Facebook profiles could be trying to steal your data

A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system

Experts have warned of an ongoing cybercriminal campaign leveraging thousands of fake Facebook accounts and phishing pages in an attempt to obtain login data to financial service platform accounts belonging to public figures, celebrities, businesses, and sports teams.

Cybersecurity researchers from Group-IB’s Digital Risk Protection (DRP) team claim to have identified more than 3,200 fake Facebook accounts, some of which are impersonating Facebook and its parent company, Meta. 

Through these accounts, the attackers would target legitimate users of the social platform to try and get them to visit fraudulent Facebook login pages.

Targeting the English-speaking community

There, they’d get them to enter their login credentials, and effectively grant them access to their accounts. The premise is that many people use the same username/password combination across a wide variety of accounts and that their Facebook login credentials might work on more serious platforms, such as financial services. 

While the campaign is active in more than 20 languages, Group-IB experts are saying, the majority of the profiles impersonating Meta are speaking English. 

“The scammers impersonate Meta, Facebook’s parent company, in their public posts and on any of their more than 220 phishing sites,” Group-IB researchers Sharef Hlal and Karam Chatra wrote. 

“They appropriate Meta and Facebook’s official logos on their social media profiles and phishing web pages to make them appear legitimate and trustworthy in the eyes of users. These fake profiles have nothing to do with Facebook, and they are frequently taken down quickly by the social network.”

Phishing, especially when paired with identity theft, is a major threat to the online security of both consumers, and businesses. It’s vital IT teams educate their employees on how to spot fake accounts and fake login pages. The easiest way to spot a phishing page is in the address bar - if the address isn’t facebook.com - it’s most likely a scam. 

Via: Infosecurity Magazine

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.