Many times hackers target individual social media users, mainly Facebook, to show them ads that might interest them, such as unusual discounts on various products. However, data protection experts mention that, by attacking major companies, such malicious campaigns can reach an incredible amount of unsuspecting users looking to extract data from their payment cards.
This is precisely what happened in October 2019, when a group of hackers took control of the personal account of a LiveRamp employee, one of Facebook’s leading data management partners. Threat actors used the employee’s login credentials to gain access to the company’s Business Manager to launch ads using other people’s money.
It should be remembered that advertising is what keeps Facebook alive. During 2020, the social network is expected to generate profits of around $84 billion USD in advertising, mainly due to the effectiveness in ad-targeting specific audiences, as mentioned by data protection users.
Regarding LiveRamp, it is an important Facebook partner and a global marketing powerhouse. This company pioneered data incorporation, combining users’ online identity with real-world action data, such as purchases in physical stores. By compromising a LiveRamp account, threat actors achieved wide reach in their social media fraud.
After stealing the LiveRamp employee’s login credentials, hackers began posting multiple advertisements at the expense of companies that legitimately invested money for advertising placement. Hackers’ publications advertised non-existent products, such as sunglasses, accessories for technological devices, and even penis enlargement pills.
In a statement, LiveRamp released some details about the incident: “A limited number of LiveRamp customers and associated accounts have been affected. Facebook quickly reported the incident to the compromised accounts and appropriate steps were taken to block unauthorized access.”
It is not yet known how many users fell into the scam, as LiveRamp mentions that no further details will be published until the ongoing investigation is complete. However, sources close to the company mention that the most-viewed fraudulent ads could have reached more than 50,000 viewers. By clicking on these advertisements, the user was redirected to a malicious site to extract their banking details.
Data protection experts at the International Institute of Cyber Security (IICS) have tracked similar cases on multiple occasions. While these incidents can occur in a variety of ways, the goal is always to collect sensitive information from users; as a prevention measure, it is recommended to ignore Facebook ads with offers too good to be true.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.