Fake or hijacked Facebook accounts used in scams to steal money are on the rise
Sweden recently experienced a large banking scam where over 1.2 million Swedish kronor (about $177,800) were stolen by infecting the computers of multiple victims. The attackers used a Trojan which was sent to the victims and, once installed, allowed the attackers to gain access to the infected computers. Luckily these guys were caught and sentenced to time in jail, but it took a while to investigate since over 10 people were involved in this scam.
It’s possible that these attacks are no longer as successful as the bad guys would like, because we are now seeing them use other methods to find and exploit new victims. For quite some time now we have seen how hijacked Facebook accounts have been used to lure the friends of whose account has been hijacked to do everything from click on malicious links to transfer money to the cybercriminals’ bank accounts.
Please note that this is not a new scam – it has been out there for quite some time. But what we are now seeing is the use of stolen/hijacked accounts, or fake accounts, becoming very common on Facebook. So common, in fact, that there are companies creating fake accounts and then selling access to them to other cybercriminals. As you might expect, the more friends these accounts have, the more expensive they are, because they can be used to reach more people.
The problem here is not just technical – it’s primarily a social problem. We use Facebook to expand our circle of friends. We can easily have several hundred friends on Facebook, while we in real life we may only have 50. This could be a problem because some of the security and privacy settings in Facebook only apply in your interactions with people who you are not friends with. Your friends, on the other hand, have full access to all the information about you.