When you think of a cybercriminal, you probably picture someone in a black hoodie in a dark room on the dark web, but most cybercriminals are out there in plain sight, including on Facebook.
Talos, a cybersecurity firm, found that people can easily join Facebook groups, and then participate in cybercrime including buying and selling credit card info, obtaining spamming tools, or even getting account logins and passwords. All in all, these groups have almost 400,000 members.
Though that does sound like a lot, and it is a lot, you also have to remember that Facebook has about 2 billion users logging into the site each month. With that number of people, it is difficult for the social media giant to deal with these groups.
The failure of Facebook to remove these cybercriminals shows that it is struggling to keep bad online behavior at bay, and this also include hate speech, inciting violence, and sharing false information. This also, of course, show how this behavior can be amplified by the algorithms that Facebook uses.
These groups are easy to find on Facebook. All you have to do is type things like CVV or spam. Once you join one of these groups, Facebook’s algorithms come into play and suggest other groups that are similar in nature. Plus, Facebook doesn’t have a great way to catch these criminals, as it relies on reports from other users to stop this type of behavior.
Because of this, Facebook really has a long way to go before it stops relying on the reports of its users. It’s also true that these reports aren’t always taken seriously, and they often fall through the cracks.
One such example of this is with the recent terrorist attack in Christchurch, New Zealand. The gunman who was responsible for the attack streamed his murderous act on Facebook Live. Though Facebook eventually took the video down, it was seen by thousands of people. However, Facebook said that it had no report of the video during the attack, which is why it took so long to remove it.
Knowing all of this, Talos tried to take on some of these crybercrime groups through the reporting system at Facebook. Some of these groups were, indeed, removed from the platform, but others were not. Instead, only specific posts were removed, while the group itself was able to live another day. Talos kept reporting these groups, however, and eventually, most of them were removed. However, new groups are now popping up to take the removed groups’ places. Facebook has acknowledged that there is a problem, and it admits that these groups have violated its policies. It also said that it knows that more vigilance is required and that it is investigating all types of criminal activity on the platform.
Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.