Hackers use fake Bitcoin platform to scam Facebook users

Cybercriminals tricked Facebook users into providing login credentials for their private accounts through a tool pretending to reveal who was visiting their profiles.

November 17, 2020 05:02 pm | Updated December 23, 2020 03:08 pm IST

Hackers use fake Bitcoin platform to scam Facebook users.

Hackers use fake Bitcoin platform to scam Facebook users.

(Subscribe to our Today's Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)

Security researchers have uncovered a phishing and credit card fraud operation that targeted hundreds of thousands of Facebook users.

According to cyber security firm vpnMentor, the scam was discovered after researchers found an unsecured database containing 13.5 million records, totalling over 5.5GB of data, used by fraudsters to store private data of victims.

While the data came from a short timeframe, between June and September 2020, researchers believe the scam was probably much more extensive and had been operating for far longer.

Cybercriminals tricked Facebook users into providing login credentials for their private accounts through a tool pretending to reveal who was visiting their profiles.

They then used the stolen login credentials to share spam comments on Facebook posts, directing people to their network of websites that led to a fake Bitcoin trading platform used to scam people out of deposits of at least €250.

They were posting links directly to websites in the Bitcoin scheme, alongside many fake news websites and similar spam content to bypass and confuse Facebook’s fraud and bot detection tools.

However, the fake news websites created by the fraudsters eventually directed people to their Bitcoin websites. Occasionally, cybercriminals would also share links to legitimate news websites like the Washington Post for the same purpose.

vpnMentor says the operation was wide-ranging, and spanned the entire globe.

Researchers discovered the database on September 21 and contacted Facebook to notify the company of the fraud on its platform. While they were investigating further, the database was attacked and all the information wiped out. The database went offline the same day and was no longer accessible, the cybersecurity firm said.

“We believe the fraudsters did this following the Meow attack, but can’t confirm,” vpnMentor said in a report.

The team discovered hundreds of website domains in multiple international languages to lure users from different nationalities into the bitcoin scam.

Researchers advised Facebook users who think they have been victims of this fraud to change their login credentials immediately.

Additionally, they can change the reused Facebook password on any other accounts to protect them from hacking. They also asked users to never provide usernames and passwords for Facebook, email, or financial accounts to external websites.

Top News Today

Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.