Threat actors compromise accounts using social engineering tactics to convince their targets to take action, divulge sensitive information, or install malware to gain unauthorized access to legitimate user accounts. Once an account is compromised, they impersonate the victim to conduct further malicious activity. Threat actors can change account information, such as name, date of birth, email address, and phone number, and lock the victim out of their account by updating the password and multi-factor authentication (MFA) method. They can also post information and/or images that violate Facebook’s terms and conditions or acceptable use policies. Additionally, they can communicate with the contacts in the victim’s address book to conduct social engineering attacks, send harassing messages, threaten extortion, steal funds, or install malware. Scams can also result in exfiltrated data, identity theft, and financial loss. |
The NJCCIC received an uptick in reports of compromised Facebook accounts impacting New Jersey residents and businesses. In the past month, victims reported that their Facebook account was compromised, while others reported that their contact’s account was compromised. Once compromised, the threat actors communicated with the victims’ contacts to lure and defraud them. The threat actors initially monitored Facebook activity to build trust and solicit the victims’ contacts in cryptocurrency investment schemes . However, they later changed their tactics to create posts playing on emotion and claiming to sell expensive items, such as used cars, on behalf of their sick or deceased relative, typically an uncle. The victims’ contacts believed the sale lure was authentic and thought they communicated directly with legitimate users through Facebook Messenger. However, they made $500 to $2,000 payments, typically through Zelle, under false pretenses to the threat actors. |
In another example, threat actors messaged the victims’ contacts through Facebook Messenger. The message instructed them to vote to win a prize by clicking the link. If clicked, the Facebook account was compromised. Then, the victims’ contact received an email purportedly from Meta, claiming an issue with their account. To regain access to their account, they needed to verify their identity by submitting the MFA code, the front and back of their official identification, and a one-minute video of themselves. |
Threat actors recently reintroduced Facebook page deletion scams from several years ago. They target businesses with phishing emails, claiming to be from Meta and falsely accusing them of violating Facebook’s trademark rights. The urgent messages threaten to permanently delete their Facebook page if they do not respond by clicking the link, which is intended to steal account credentials. Meta does send notifications for rule violations; however, they include a “disagree with decision” or appeal icon directly on the suspended page. |
Other Facebook scams include potential victims buying gift cards and sending gift card numbers through Facebook Messenger, non-payment of goods sold on Facebook Marketplace, and requests to purchase Facebook Marketplace goods with pre-paid credit card links to accept the requests and enter financial information. Additionally, scam Facebook groups steal photos, videos, and posts from legitimate groups to promote as their own, engage users, and conduct fraudulent schemes, such as links for fake merchandise intended to collect information from unsuspecting victims. |