Tech (non)support: Scammers pose as Meta in Facebook account grab ploy

What happens when the people who are meant to stop scams spreading on social media are being impersonated by the scammers themselves? Facebook has over 2.9 billion monthly active users, and accounts on this social network are an attractive target for cybercriminals looking to steal personal information. Group-IB Digital Risk Protection (DRP) experts have discovered a new and still ongoing phishing scheme aimed at Facebook users that sees threat actors attempt to steal account credentials and take over profiles. Throughout February and March 2023, Group-IB researchers identified more than 3,200 scam profiles that were either compromised or created by the cybercriminals who launched this campaign. The scam is conducted in more than 20 languages, although Group-IB experts found that the vast majority of the profiles impersonating Meta posted in English. Upon discovery of these phishing profiles, Group-IB’s Computer Emergency Response Team (CERT-GIB) shared information on the compromised and created accounts with Facebook in line with Group-IB’s responsible disclosure protocol.


With this phishing campaign, the scammers’ ultimate aim is to gain access to the Facebook accounts of public figures, celebrities, businesses and sports teams, as well as individual profiles, to steal sensitive information, and potentially to use the same compromised credentials to gain access to other accounts held by the individual. The latter is possible because people all too commonly use the same combination of username and password for multiple services, and this poses serious risks for their accounts on financial services platforms.