Many times hackers target individual social media users, mainly Facebook, to show them ads that might interest them, such as unusual discounts on various products. However, data protection experts mention that, by attacking major companies, such malicious campaigns can reach an incredible amount of unsuspecting users looking to extract data from their payment cards.
This is precisely what happened in October
2019, when a group of hackers took control of the personal account of a
LiveRamp employee, one of Facebook’s leading data management partners. Threat
actors used the employee’s login credentials to gain access to the company’s
Business Manager to launch ads using other people’s money.
It should be remembered that advertising is
what keeps Facebook alive. During 2020, the social network is expected to
generate profits of around $84 billion USD in advertising, mainly due to the
effectiveness in ad-targeting specific audiences, as mentioned by data protection
Regarding LiveRamp, it is an important Facebook
partner and a global marketing
powerhouse. This company pioneered data incorporation, combining users’ online
identity with real-world action data, such as purchases in physical stores. By
compromising a LiveRamp account, threat actors achieved wide reach in their
social media fraud.
After stealing the LiveRamp employee’s login
credentials, hackers began posting multiple advertisements at the expense of
companies that legitimately invested money for advertising placement. Hackers’
publications advertised non-existent products, such as sunglasses, accessories
for technological devices, and even penis enlargement pills.
In a statement, LiveRamp released some details
about the incident: “A limited number of LiveRamp customers and associated
accounts have been affected. Facebook quickly reported the incident to the
compromised accounts and appropriate steps were taken to block unauthorized
It is not yet known how many users fell into
the scam, as LiveRamp mentions that no further details will be published until
the ongoing investigation is complete. However, sources close to the company
mention that the most-viewed fraudulent ads could have reached more than 50,000
viewers. By clicking on these advertisements, the user was redirected to a
malicious site to extract their banking details.
Data protection experts at the International Institute
of Cyber Security (IICS) have tracked similar cases on multiple occasions.
While these incidents can occur in a variety of ways, the goal is always to
collect sensitive information from users; as a prevention measure, it is
recommended to ignore Facebook ads with offers too good to be true.