Cybercriminals Use Facebook Profile Impersonation for Scams

Cybercriminals Use Facebook Profile Impersonation for Scams

Facebook has had a litany of problems almost since its inception. Creating a business model that has online advertising opened the door for some rather devious criminals. The unfortunate fact that Facebook users seemed to trust the social media platform enough to not only put large volumes of personal information but to also attach payment methods such as PayPal to their account offered a ripe opportunity for cybercriminals to take over their profile and impersonate the user for scams.

Cybercriminals have used a number of methods for profile impersonation and even though Facebook has online reporting to support, it has become a huge company and response can often be slow. Many of the perpetrators are derived from international sources such as China, the Ukraine and Russia. One of the most popular ways to accomplish profile impersonation is to surf through and fine the users that have any payment method attached to their profile, disable the notifications for the users, and then place bogus and counterfeit products on their account. The criminals use malware that is delivered via the web browsers so that it’s almost impossible to find them while also stealing the user’s password.

The algorithms that Facebook uses for advertising is almost a free gift to cybercriminals.  Facebook has designed their platform to align like products based on user preferences. The more that a user is on Facebook, the more data is gathered. This data mining concept is not new, as it is used by almost every online business involved in e-commerce, however Facebook has refined it to a very exceptional science. Facebook also links “friends” on the platform that may show an interest in the scams, and it allows for even more account takeovers. The “success” of some of these attacks was recognized when it was discovered that the criminals scammed users out of over $4 million in fraudulent situations.

Another Facebook breach occurred when criminals in the Ukraine tried to use the FB quiz apps to spread malware.

As a corporation, Facebook has invested in various cybersecurity programs and has gotten a lot better at locating cybercriminals as they attempt profile takeover. Working with experts, Facebook has also found the criminals and has taken quite a few to court. As Facebook has tightened their security measures using a variety of software, the cybercriminals seem to develop new ways to constantly test and overcome everything FB throws at the platform.

It has to be noted that the perpetrators didn’t focus on Facebook as a sole source. The scammers found in China also used the Amazon and Twitter platforms for their schemes. Cybercriminals continue to enhance their code and use testing to develop new tools for hacking. For Facebook, they even use geolocation to emulate authentic Facebook logins.

The growth of social media platforms has given these criminals an opportunity to hone malware so that it is designed specifically for social media. This is a change in approach from the past where malware was crafted on a broader landscape scale.

“As a majority of South Africans accomplish business online and access social media, DaVinci Forensics will continue to stay updated on the ways that cybercriminals attempt to breach and steal personal and proprietary data. We advise and share how people can keep their information safe and the proactive actions that should be taken to avoid falling prey to online perpetrators.”

– Sharon Knowles, CEO DaVinci Forensics

Source:

cyberscoop.com/facebook-silentfade-malware-fraud-millions/