Cybercriminals trading in large volumes of Facebook accounts, say researchers


Cybercriminals trading in large volumes of Facebook accounts, say researchers

Warwick Ashford

Cybercriminals are selling fake and stolen accounts on social networking site Facebook in bulk in the underground economy, according to security researchers.

Criminals typically use Facebook accounts to send spam, send links to malicious software and to commit fraud.

Facebook accounts contain personal information that can be used to commit fraud. Facebook is attractive to fraudsters because of the high level of trust in the site.

In February alone, a hacker using the name "kirllos" tried to sell log-in credentials for 1.5m Facebook accounts through online criminal sites, VeriSign's iDefense division told The New York Times.

Kirllos has sold log-in data for about 700,000 Facebook accounts, according to iDefense estimates.

The hacker was charging $25 for 1,000 Facebook accounts with 10 or fewer friends and $45 for accounts with more than 10 friends.

The inclusion of many accounts with small numbers of friends suggests the seller could have created fake accounts using an automated tool, said iDefense.

But Facebook founder Mark Zuckerberg said the social networking sit has sophisticated ways to defeat fake accounts and he doubted the hacker's claim to control a large number of them.

Rapid-fire friend requests in a short timespan and a high percentage of ignored friend requests send alerts to administrators, Facebook said.

The firm also said an agent tried to buy some of the accounts on offer, but the seller was unable to come up with the goods.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy