Facebook Users Tricked in a Massive Phishing and Credit Card Scam

Cybersecurity researchers from vpnMentor uncovered a global hacking operation targeting Facebook users after discovering an unsecured Elasticsearch database obtained by the threat actors. The hackers used the database to store the usernames and passwords of around 100,000 Facebook account holders. The researchers stated that the fraudsters behind this scam tricked users into entering their login credentials via an application that pretended to reveal who had visited their Facebook profiles.

The Next Phase of Scam

Once the fraudsters had the login credentials, they accessed the accounts to comment on Facebook posts published in the victims’ network. The comments included links to a separate network of scam websites that redirected users to fake Bitcoin scheme sites.

Threat Summary

Hackers’ Target: Facebook Users

Type of Scam: Phishing attacks and Credit card scam

Size of data: 5.5 GB+

No. of people exposed in Bitcoin scam: 100,000

No. of people exposed in Facebook scam: 100,000

Types of data exposed: Facebook usernames and passwords, IP addresses

The scam came to light after vpnMentor’s researchers found the leaky database used by hackers to harvest and store their victims’ details. While there is no evidence about whether the unsecured database was accessed or misused by any other malicious actors, the researchers stated they reported the issue to Facebook authorities.

“The fraudsters used the stolen login credentials to share spam comments on Facebook posts via the victim’s hacked account, directing people to their network of scam websites. These websites all eventually led to a fake Bitcoin trading platform used to scam people out of ‘deposits’ of at least €250 ($295). It was a vast operation, spanning the entire globe,” vpnMentor said.

“The most obvious action is the fraudsters taking over a person’s Facebook account, posting a link to one of their websites on the victim’s timeline, and tricking their friends into falling prey to the scam, growing its potential impact exponentially,” vpnMentor added.