A series of Facebook groups with almost 400,000 users have been removed after cybersecurity researchers found they were openly being used to to sell hacked personal data, offer phishing services and other illicit behaviour.
While many cyber criminals opt to use underground forums on the dark web to trade data and services, researchers at security company Cisco Talos have detailed how 385,000 Facebook users were found to be members of 74 groups focused in highly suspicious activity. Some of the groups had been active on Facebook since 2011 and have acquired tens of thousands of group members.
These Facebook groups aren't even difficult to find, with researchers noting how anyone with a Facebook account who searchers for keywords such as "spam," "carding," or "CVV" will see multiple research results.
Once a user joins one group, they're also easily able to access many more without even actively searching: because Facebook's engagement algorithms offer up similar groups, making them easy to find.
"When you join one group, Facebook automatically recommends similar groups. This is a great way to help users discover communities," Martin Lee, outreach manager at Cisco Talos told ZDNet. "But there is a flip side. Think of it this way – if you joined a group designed to help you 'cheat' at a video game, it's possible you get served up similar 'cheating' groups that trade in illegal services."
In many cases, a look at the contents of the pages displays illegal activity, with users openly selling stolen credit card numbers, identities and other information which could be used to conduct fraud.
Other illicit activity on display in these Facebook groups included users selling lists of email addresses for use in spam and malware campaigns, stolen login credentials allowing access to corporate and government accounts, and criminals offering money laundering and transfer services, usually involving cryptocurrency.
There's also evidence which suggests that some of the services on offer aren't real – rather some users are are actively trying to use Facebook to scam others in the group.
Cisco Talos researchers attempted to take down the groups by using Facebook's abuse-reporting function – a tactic that saw some groups removed, while others just saw individual posts removed.
Researchers eventually made direct contact with Facebook's research team about the groups, which resulted in the majority of groups taken down.
"These Groups violated our policies against spam and financial fraud and we removed them. We know we need to be more vigilant and we're investing heavily to fight this type of activity," a Facebook spokesperson told ZDNet.
The situation represents an ongoing problem for Facebook, which had to remove a number of groups conducting cyber-criminal activity last year - however, new groups have continued to spring up in the past 12 months and some groups managed to avoid removal during the last takedown.
Cisco Talos continues to work with Facebook to identify and take down new, suspicious and illegal groups as they emerge.
"There is no magic bullet here. Criminals are adept at abusing social platforms. To remove these activities we all need to work together," said Lee.
"Platform administrators need to play their part in identifying and removing malicious groups. The wider security community must work together to actively share information, take action and inform our customers.
"But also users need to be proactive in reporting abuse when they encounter it to help take down these groups," he added.
READ MORE ON CYBER CRIME
- The latest dark web cyber-criminal trend: Selling children's personal data
- Credit card thieves are getting smarter. You can, too CNET
- Facebook: We stored hundreds of millions of your passwords in plain text
- Hackers turn to data theft and resale on the Dark Web for higher payouts TechRepublic
- Cybercrime and cyberwar: A spotter's guide to the groups that are out to get you