Warning to all Facebook users after accounts are stolen in widespread ‘malvertisement’ scams
Facebook users are being warned that hackers are stealing accounts and scamming people out of thousands of dollars as part of new scams.
Cybercriminals turn friendship into fraud by using the stolen accounts to create false listings for items and steal money from her online “friends.”
In one case, a Texas woman named Erin Jackson realized her account had been locked out when she tried to log into her Facebook page and discovered that a hacker had already listed items for sale.
The post stated that her father was moving to a care facility and that she needed to sell the items quickly, but such items did not exist.
Another person fell victim earlier this year when a hacker gained access to his account and listed fake items, including tractors, four-wheelers and airline tickets for sale.
In both cases, Facebook’s parent company Meta reportedly took days to resolve the issue, giving the hackers time to steal money from unsuspecting users.
The number of reports of hackers taking over the accounts of Facebook users is increasing. Last year alone, an average of 68,000 users sought help with a hacked Facebook account on Google.
Malvertising campaigns have also skyrocketed on the platform, as hackers use ads promoting games, adult content and other software to gain access to people’s accounts by stealing login credentials, browsing history and cookies.
Users are advised to take steps to protect their accounts, including setting up two-factor authentication and avoiding clicking on suspicious links or advertisements.
Facebook users have reported that hackers are taking over their accounts to promote malvertising and offer fake items for sale
Other similar scams include funeral posts asking people to donate money to tune in to a livestream of a funeral that doesn’t exist.
Users say Meta – which has more than three billion Facebook users worldwide – allegedly failed to take the crimes seriously and victims have accused the company of ignoring the reports.
A woman named Lesa Lowery said a hacker impersonated her on Facebook for three days and stole thousands of dollars from her friends for goods she said didn’t exist.
“It was a lot of really good things – hot tubs, trucks, tractors and all these people sending messages,” Lowery said. CBC News.
“I just felt helpless,” she said, adding, “I was literally sitting there crying.”
Hackers also use more sophisticated methods to trick people into believing the message is real, such as using the person’s real address or locating the exact section the victim would be sitting in during a hockey game.
The information is not difficult to find and is used to make the messages seem more realistic.
Jackson said the messages promised that if someone immediately made a down payment on her father’s belongings, she would not discuss the item with anyone else.
‘[The post] was very believable to my friends and even some family members because my father is older and has had health problems. It’s something that wouldn’t have been a shock to anyone,” she said.
When a friend asked where she could pick up one of the items before making the deposit, she was given Jackson’s address.
Hackers kick users out of their own accounts and take them over to spread more malware
Hijacked accounts are a way for hackers to increase the number of people they can reach without having to create their own Facebook accounts.
This includes the latest hacking software that first appeared last year, called SYS01stealer.
The software, called SYS01stealer, has nearly 100 malicious domains that create targeted advertisements that entice users to click on them and reveal their personal information.
In an analysis of the software, cybersecurity firm Trustwave said: “There is a possibility that not only their browsing data will be stolen, but their Facebook accounts will also be stolen to further spread malvertises and continue the cycle.”
Susan Balmer was victimized again in April this year when a hacker used her account to sell fake Taylor Swift concert tickets.
She claimed that she reported the fraudulent activity on Facebook’s website and allegedly wrote to the company several times, but the page was only removed when Senator Dan McConchie (R-Illinois) saw a report of Balmer’s story on NBC5.
“I was able to reach someone here in the state that I knew who worked for Meta, the parent company of Facebook,” McConchie told the outlet.
Within days of his involvement and two months after the tickets were listed, Meta had finally taken down the hacked page.
In March, a coalition of 41 attorneys general said Meta abandoned victims and sent a message letter demanding that the company take “immediate action” to protect the stolen user accounts.
They argued that the “dramatic and sustained spike” in complaints and lack of response from Meta had caused a “substantial depletion” of government resources as they relate to financial crimes.
“We have received a number of complaints about threat actors fraudulently charging thousands of dollars to stored credit cards,” said the letter addressed to Meta’s chief legal officer, Jennifer Newstead.
“Additionally, we have received reports of threat actors purchasing ads to run on Meta,” the report continued.
‘We decline to act as customer service representatives for your company. Good investments in response and mitigation are mandatory.’
A Meta spokesperson responded to the letter with a narrative WIRED that ‘scammers use every platform available to them and continually adapt to evade enforcement. We invest heavily in our trained enforcement and assessment teams and have specialized detection tools to identify compromised accounts and other fraudulent activity.”
The spokesperson did not address the company’s lack of response to users’ hacked accounts, saying instead: “We regularly share tips and tools that people can use to protect themselves, providing a way to report potential violations , cooperate with law enforcement and take legal action.”
DailyMail.com has reached out to Meta for comment.