Cisco Talos Discovers and Shuts Down 74 Cybercrime Groups on Facebook

Experts from Cisco Talos have discovered 74 cybercriminal groups on Facebook, with a combined membership of 385,000 people. Finding these groups on the social network was not difficult, given their explicit names such as Spam Professional, Spammer & Hacker Professional, Buy Cvv On THIS SHOP PAYMENT BY BTC, and Facebook hack (Phishing). Moreover, once a user joined one of these groups, Facebook’s recommendation algorithms would suggest other similar groups.

The content in these groups was nearly identical to what can be found on hacker forums and dark web marketplaces. Members bought and sold login credentials, phishing tools, banking card information, fake documents, spamming services, assistance with moving large sums of money, and even ready-made shell companies in various organizations and institutions, including government entities.

Reporting and Removal Process

Initially, Cisco Talos researchers tried to report their findings using Facebook’s standard violation reporting form, but this only led to the removal of a few groups. Eventually, the specialists had to contact Facebook representatives directly, which resulted in most of the groups being blocked. However, experts warn that not all “hacker platforms” were taken down, and new ones quickly appear to replace those that are removed.

Ongoing Cybercrime Activity on Facebook

This is not the first time cybersecurity researchers have highlighted cybercriminal activity on Facebook. In the spring of 2018, well-known journalist and researcher Brian Krebs exposed and helped remove nearly 120 similar private groups with around 300,000 members.

Cisco Talos experts believe that Facebook should not rely solely on user reports of abuse and violations to combat this activity. According to the researchers, the company needs proactive protection measures to prevent such groups from forming in the first place.