Hackers are targeting Facebook accounts to run ad fraud campaigns
Hackers have been targeting Facebook accounts that spend money on advertisements.
Unlike the normal account, where you just spend time getting into arguments with your uncle about climate change.
Facebook ad accounts have extra value because there's a credit card attached to them.
We found multiple instances where hackers took over accounts and started using another person's credit card to pay to promote posts on Facebook that have malware on it.
One of them was for this like toy wagon priced at 99 cents, at least 813 people clicked on it and put their credit card information in which then got stolen.
The hacked accounts ad campaign only ended because the credit card to use for expired not because it was fraud.
The hackers on this account were trying to spend $10,000 a day for an ad campaign, using someone else's money.
This was fascinating for so many different layers you have like The hackers going after people and then when they find out they have access to make ads, bingo.
Let's just fill a bunch of ads for phony products.
And then An 800 or some people clicked on those on those ads in Cape who's giving their credit card information to weird suspicious of like.
A scam work.
This particular scam for this wagon worked was that they made it look like it was a pricing error.
You ever seen those posts I was like, like somebody messed up this post on Amazon this.
It's usually $500 only $50 you should get it right now.
So they made the promoted post look like that was like we're selling his toy wagons.
This one is 99 cents, oops.
And then all these people like just rush to buy it.
That's always the key right?
Do something fast don't think quick.
And then you're not thinking it through.
Yeah the campaign only really lasted for six hours, because it was a scam.
But because [UNKNOWN] Hey, this guy's out of money.
Well like what is feasible?
Are they doing enough to like scan for if an ad is going to malware or will be malicious?
So when I reached out to Facebook they said that they have been like clamping down on it met like hackers like have techniques.
This one they called cloaking where like they hide the skimmer on the website like really well so they can't find it that much.
So Facebook has been trying to crack down on it for a while, but obviously like we've seen, things like this don't get through.
The other big problem to me that I found was that they weren't notifying these people when their accounts got hacked and they were spending these much money on these accounts.
I spoke with another woman who had her account hacked, and she didn't know about it for five days.
Okay, if you have a big ad campaign, shouldn't you get an email going, congrats on your ad campaign.
It's like when you buy shoes on Amazon, at least you get a
Email that you bought shoes.
If I bought an ad campaign I'd like to get alerted.
Yeah it's funny.
They'll send you notifications, hey are you going to this event?
You put maybe.
Are you going or not?
But hey, you just spent $10,000 on this.
Looks cool to me.
You don't need to know about this.
This woman in North Carolina who had her Facebook account hacked, she didn't even know what was going on until Paypal emailed her actually and was like hey You spend like $1,200 on ads and like you've never spent that much money, so we just, is everything good, are you okay?
I was like I didn't spend that at all, what the hell was going on?
Which is, it's weird that like Facebook didn't notify any of these people that like They spent, this much money on-
Clearly hackers have seen that, look, these [UNKNOWN] doesn't notify people, this is easy pickings to go after.
And their AI picks up on it too.
So and in the case of the $10,000 ad campaign there was a screenshot of it that he showed me where I was basically Hey, you've only really spent like $250 before and $10,000 a little lot are you?Are you sure you want to spend this and the hackers obviously like yeah like I'm Henry
Yeah, but it was weird that like so they obviously can tell when something is going on but like they don't send any notifications to these victims and it's it's awful.
It's a weak spot and they've exploited it, yeah,
And then the two people I've spoken with are not the only ones that this has happened to.
There's countless blog posts about like, hey, my facebook account got hacked.
They spent this much money using my credit card.
Nothing got settled like some of these people are still banned from Facebook and they can't even go on Facebook and see like what they got banned over.
So the woman from North Carolina, I kept asking like what?
So what was the ads taken out for?
Is it I don't know.
They banned me after that.
Wait, she was banned for what a hacker did to her?
Yeah, yeah, she was trying to tell Facebook to like I didn't post this like the hacker post as I know your band.
was like a, like a, like a, like a hotline thing that Much like an actual person at Facebook, she actually got her account back after I was reported on this story, but the thing is it shouldn't take a reporter going to Facebook to get any actual support for people you know, I'm not a What is it like $17 billion company.
Yeah, for real
Can't get enough, check out the Daily Supercharge, our extended post show with special features audience Q&A and in depth reviews available now.
Wherever you get your podcasts