What is the issue - Researchers from Cisco Talos have detected almost 74 Facebook groups that were used to carry out illicit trading of stolen credentials, email addresses, private data, credit card information, and phishing kits. The 74 Facebook groups consisted of almost 385,000 members.
Worth noting - Researchers noted that these groups use obvious names such as ‘Spam Professional’, ‘Spammer & Hacker Professional’, and ‘Facebook hack (Phishing)’.
The big picture
Cisco Talos detected almost 74 Facebook groups that were used to conduct a series of illicit activities ranging from buying/selling/trading stolen credentials to offering email spamming tools and services.
Some of these groups also involved in offering illegal services such as forging identification documents for verification, transfering cash to various accounts, selling identification documents along with photos of the victims, and more.
Researchers noted that Facebook users can easily identify these groups by simply searching for keywords such as ‘spam’, ‘carding’, or ‘CVV’. Also, if users join any of these groups, Facebook’s own algorithms will often suggest similar groups, making new criminal groups even easier to find.
What actions were taken?
Cisco Talos initially attempted to take down these groups via Facebook’s abuse reporting feature, which removed some groups, while other groups only had individual posts removed. Later, it contacted Facebook’s security team and removed all the 74 illegal groups.
“Eventually, through contact with Facebook's security team, the majority of malicious groups was quickly taken down, however new groups continue to pop up, and some are still active as of the date of publishing. Talos continues to cooperate with Facebook to identify and take down as many of these groups as possible,” Cisco Talos said in a blog.
The complete list of 74 groups that carried out illegal trade can be found in this spreadsheet.