Facebook is the world's largest social networking platform, used by billions of users worldwide. This also makes it an ideal platform for scammers seeking maximum exposure for their illicit schemes. There have been several scams, data breaches, and cyberattacks executed by malicious actors, even though they didn't originate from Facebook.

Now, a group of researchers has discovered a massive phishing and credit card fraud operation targeting Facebook users. As a result of the scam, the private data of over 200,000 users was exposed on an unprotected server. The vpnMentor researchers found an unsecured database containing 13.5 million records, which included Facebook usernames, passwords stored in plain text, names, phone numbers, domains of websites used in the scam, and more. The data was collected from June to September 2020, but researchers suspect the operation had been running for much longer.

How were Facebook users lured into the scam?

Hackers lured Facebook users on the pretext of revealing who visited their profiles. When users visited the link, they were asked to log in using their username and password, and the next page took them to a fake loading page. By then, the username and password had already been captured in the database.

The next step would lead users to the Google Play Store, prompting them to download an app to reveal the list of people who visited their profile. But as expected, the app is bogus and does no such thing.

The Bitcoin scam


After capturing the users' login credentials, the fraudsters used them to log in and comment on Facebook posts published in the victim's network. Those who clicked the link would get redirected to sign up for a free Bitcoin trading account and deposit €250 to start trading. But that money never gets deposited and goes straight into the pockets of the fraudsters.

The scam operation was a global one and available in different languages.

"By taking over a person's Facebook profile, the fraudsters would also have access to their private data, personal details, contacts, messages with friends, and much more. With this information, someone could build a comprehensive profile of each user and use the details to target them in other scams, such as identity theft and financial fraud. If the fraudsters found sensitive, embarrassing, or criminalizing content in a person's Facebook messages, they could use this to blackmail and extort them," the researchers said.