Warning to all Facebook users after accounts are stolen in widespread 'malvertisement' scams

1 month ago 6

Facebook users are being warned that hackers are stealing accounts and swindling people out of thousands of dollars as part of new scam schemes.

Cybercriminals are turning friendship into fraud by using the stolen accounts to create fake listings for items to steal money from her online 'friends'.

In one case, a Texas woman named Erin Jackson realized she was locked out of her account when she tried to sign in to her Facebook page and found a hacker had already listed items for sale.

The post claimed her dad was moving into an assisted care facility and she needed to sell the items quickly, but no such items existed.

Another person became a victim earlier this year when a hacker gained access to his account and falsely listed items including tractors, four-wheelers and airline tickets for sale.

In each case, Facebook's parent company Meta reportedly took days to fix the issue, giving the hackers time to steal money from more unsuspecting users. 

Reports of hackers taking over Facebook user's accounts are on the rise, with an average of 68,000 users searching for help with a hacked Facebook account on Google in the last year alone.

Malvertising campaigns have also skyrocketed on the platform as hackers use ads that promote games, adult content and other software to gain access to people's accounts by stealing login details, browsing history and cookies.

Users are advised to take steps to protect their accounts including setting up two-factor authentication and avoid clicking on any suspicious links or advertisements. 

Facebook users have reported that hackers are taking over their accounts to promote malvertising and post fake items for sale

Other similar scams include creating bereavement posts that ask people to donate money to tune in to a funeral livestream that doesn't exist. 

Users say Meta - which has more than three billion Facebook users worldwide - has allegedly not taken the crimes seriously and victims have accused the company of ignoring the reports.

A woman named Lesa Lowery said a hacker impersonated her on Facebook for three days and stole thousands of dollars from her friends for goods that she said didn't exist.

'It was a multitude of really good things — hot tubs, trucks, tractors and all these people were messaging,' Lowery told CBC News

'I just felt helpless,' she said, adding: 'I literally sat there and cried.'

Hackers are also using more advanced methods to trick people into believing the post is real like utilizing the person's real address or locating the exact section the victim would sit in at a hockey game.

The information isn't difficult to find and is used to make the posts seem more realistic. 

Jackson said the posts promised that if a person paid a deposit for her father's belongings immediately, she wouldn't discuss the item with anyone else.

'[The post] was very believable to my friends and even some of my family members because my father is older and has had health problems. It's something that wouldn't have been a shock to anyone,' she said. 

When one friend asked where to pick up one of the items before making the deposit, she was given Jackson's address. 

Hackers are kicking users out of their own accounts and taking them over to spread more malware 

Hijacked accounts are a way for hackers to increase the number of people they can reach without needing to create their own Facebook accounts.

This includes the most recent hacking software that first appeared last year called SYS01stealer.

The software, called SYS01stealer, has nearly 100 malicious domains that creates targeted ads that lure users into clicking on them and revealing their personal information.

In an analysis of the software, the cybersecurity company Trustwave said: 'There is a possibility of not only having their browser data stolen, but also having their Facebook accounts stolen to further spread malvertisements and continue the cycle.' 

Susan Balmer became yet another victim in April of this year when a hacker used her account to sell fake Taylor Swift concert tickets.

She claimed she reported the fraudulent activity on Facebook's website and reportedly wrote to the company several times, but the page wasn't taken down until Sen Dan McConchie (R-Illinois) saw a report of Balmer's story on NBC5

'I was able to reach out to someone here in the state who I knew who did work with Meta, the parent company of Facebook,' McConchie told the outlet.

Within days of his involvement and two months after the tickets were listed, Meta had finally disabled the hacked page.

In March, a coalition of 41 state attorneys general said Meta has abandoned victims and sent a letter demanding the company take 'immediate action' to protect user's accounts who have been stolen.

They argued that the 'dramatic and persistent spike' in complaints and Meta's lack of response had caused a 'substantial drain' on government resources because they are tied to financial crimes.

'We have received a number of complaints of threat actors fraudulently charging thousands of dollars to stored credit cards,' said the letter addressed to Meta's chief legal officer, Jennifer Newstead.

'Furthermore, we have received reports of threat actors buying advertisements to run on Meta,' it continued. 

'We refuse to operate as the customer service representatives of your company. Proper investment in response and mitigation is mandatory.' 

A Meta spokesperson responded to the letter, telling WIRED that 'scammers use every platform available to them and constantly adapt to evade enforcement. We invest heavily in our trained enforcement and review teams and have specialized detection tools to identify compromised accounts and other fraudulent activity.' 

The spokesperson did not address the company's lack of response to user's hacked accounts, instead saying: 'We regularly share tips and tools people can use to protect themselves, provide a means to report potential violations, work with law enforcement and take legal action.' 

D ailyMail.com has reached out to Meta for comment. 

Read Entire Article
Progleton News @2023