Almost 74 malicious Facebook groups with nearly 385,000 members were involved in illegal trading of online credentials. Read on to learn how Cisco Talos investigated this illicit online trading…
Researchers from Cisco Talos detected almost 74 Facebook groups that were used to carry out illicit trading of stolen credentials, email addresses, private data, credit card information, and phishing kits. The 74 Facebook groups consisted of almost 385,000 members.
Researchers noted that these groups use obvious names such as ‘Spam Professional’, ‘Spammer & Hacker Professional’, and ‘Facebook hack (Phishing)’. “Despite the fairly obvious names, some of these groups have managed to remain on Facebook for up to eight years, and in the process acquire tens of thousands of group members,” Cisco Talos said in a blog post.
Some of these groups were also involved in offering illegal services such as forging identification documents for verification, transferring cash to various accounts, selling identification documents along with photos of the victims, and more. The malicious groups carried out “an array of questionable cyber dirty deeds, including the selling and trading of stolen bank/credit card information, the theft and sale of account credentials from a variety of sites, and email spamming tools and services”.
Researchers noted that Facebook users can easily identify these groups by simply searching for keywords such as ‘spam’, ‘carding’, or ‘CVV’. Also, if users join any of these groups, Facebook’s own algorithms will often suggest similar groups, making new criminal groups even easier to find.
Several of the activities on the malicious Facebook pages are outright illegal. For instance, Talos discovered several posts where users were selling credit card numbers and their accompanying CVVs, sometimes with identification documents or photos belonging to the victims.
Other products and services were also promoted. The security researchers saw spammers offering access to large email lists, criminals offering assistance moving large amounts of cash, and sales of shell accounts at various organizations, including government. The security researchers also saw users offering the ability to forge/edit identification documents.
Cisco Talos initially attempted to take down these groups via Facebook’s abuse reporting feature, which removed some groups, while other groups only had individual posts removed. Later, Cisco Talos contacted Facebook’s security team, and all 74 illegal groups were removed.
“Eventually, through contact with Facebook’s security team, the majority of malicious groups was quickly taken down, however new groups continue to pop up, and some are still active as of the date of publishing. Talos continues to cooperate with Facebook to identify and take down as many of these groups as possible,” Cisco Talos said in a blog post.
While some groups were removed immediately, others only had specific posts removed. Talos said it continues to cooperate with Facebook to identify and take down as many of these groups as possible.