Scammers Impersonate Meta in Facebook Campaign With 3200 Profiles

Written by

A new phishing scheme aimed at Facebook users and relying on over 3000 fake profiles has seen threat actors attempting to steal account credentials.

Group-IB Digital Risk Protection (DRP) experts described the campaign in an advisory published today, adding that it is still active at the time of writing.

“Throughout February and March 2023, Group-IB researchers identified more than 3,200 scam profiles that were either compromised or created by the cybercriminals who launched this campaign,” wrote Group-IB’s Sharef Hlal and Karam Chatra.

“The scam is conducted in more than 20 languages, although Group-IB experts found that the vast majority of the profiles impersonating Meta posted in English.”

According to the security experts, the ultimate goal of this campaign is to gain access to the Facebook accounts of public figures, celebrities, businesses and sports teams, among others, to steal sensitive information and use it to access additional accounts.

“The latter is possible given the all-too-common occurrence that a person uses the same combination of username and password for multiple services, and this poses serious risks for their accounts on financial services platforms,” reads the Group-IB advisory.

From a technical standpoint, the hackers involved in this campaign mainly relied on phishing websites impersonating the Facebook login page, as well as session hijacking attacks aimed at stealing browser cookies.

Read more on Facebook-aimed attacks: Hackers Use S1deload Stealer to Target Facebook, YouTube Users

“The scammers impersonate Meta, Facebook’s parent company, in their public posts and on any of their more than 220 phishing sites,” Hlal and Chatra wrote.

“They appropriate Meta and Facebook’s official logos on their social media profiles and phishing web pages to make them appear legitimate and trustworthy in the eyes of users. These fake profiles have nothing to do with Facebook, and they are frequently taken down quickly by the social network.”

The publication of the advisory, which includes a complete analysis of techniques used in this campaign, comes months after Meta took down two separate disinformation operations originating in China and Russia.

Editorial image credit: Ink Drop /

What’s hot on Infosecurity Magazine?