Researchers at Cisco Talos detected an excess of 70 Facebook groups that have been selling black-market cyber-fraud services, some of which have managed to remain on Facebook for up to eight years, according to a Talos Intelligence blog post.
For several months, researchers have been investigating online criminal flea markets on Facebook, discovering a collective list of 74 groups. Members of the groups offer a wide range of services described as “shady (at best) and illegal (at worst) activities,” according to the research.
Though now removed, the groups were selling, buying or trading all types of illegal services, including ”stolen bank/credit card information, the theft and sale of account credentials from a variety of sites, and email spamming tools and services. In total, these groups had approximately 385,000 members.” Credit cards were often sold with CVV numbers, as well as some of the victim’s additional identification documentation.
Cyber-criminals and users looking to engage in illicit exchanges were able to navigate Facebook with relative ease, as they reportedly only needed a Facebook account to conduct category searches.
“Once one or more of these groups has been joined, Facebook’s own algorithms will often suggest similar groups, making new criminal hangouts even easier to find. Facebook seems to rely on users to report these groups for illegal and illicit activities to curb any abuse,” the authors wrote.
Group members requested government shell accounts or instructions on moving large amounts of cash, while others offered forged identification documents.
“The majority of the time, these sellers asked for payment in the form of cryptocurrencies. Others employ the use of so-called ‘middlemen’ who act as a go-between between the buyer and the seller of the information and take a cut of the profits. These users usually promoted the use of PayPal accounts to complete the transaction,” according to the blog.