Almost exactly one year ago, KrebsOnSecurity reported that a mere two hours of searching revealed more than 100 Facebook groups with some 300,000 members openly advertising services to support all types of cybercrime, including spam, credit card fraud and identity theft. Facebook responded by deleting those groups. Last week, a similar analysis led to the takedown of 74 cybercrime groups operating openly on Facebook with more than 385,000 members.
Researchers at Cisco Talos discovered the groups using the same sophisticated methods I employed last year — running a search on Facebook.com for terms unambiguously tied to fraud, such as “spam” and “phishing.” Talos said most of the groups were less than a year old, and that Facebook deleted the groups after being notified by Cisco.
Talos also re-confirmed my findings that Facebook still generally ignores individual abuse reports about groups that supposedly violate its ‘community standards,’ which specifically forbid the types of activity espoused by the groups that Talos flagged.
“Talos initially attempted to take down these groups individually through Facebook’s abuse reporting functionality,” the researchers found. “While some groups were removed immediately, other groups only had specific posts removed.”
But Facebook deleted all offending groups after researchers told Facebook’s security team they were going to publish their findings. This is precisely what I experienced a year ago.
Not long after Facebook deleted most of the 120 cybercrime groups I reported to it back in April 2018, many of the groups began reemerging elsewhere on the social network under similar names with the same members.
Instead of reporting those emergent groups directly to people at Facebook’s public relations arm — something most mere mortals aren’t able to do — KrebsOnSecurity decided to report the re-offenders via Facebook’s regular abuse reporting procedures.
What did we find? KrebsOnSecurity received a series of replies saying that …