Cnet reported late today that a major Facebook data partner was hacked to gain access to advertising accounts and operate credit card scams. In October, hackers commandeered the personal account of a LiveRamp employee and used it to gain access to the company’s Business Manager account — allowing them to run ads using other people’s money.
https://twitter.com/alfredwkng/status/1222628011008319491
Our CTO Shreyans Mehta asked me to look into some web domains like https://rxmxtnx.com/ (don’t buy anything from this site, it’s fake) that offer expensive brand name products and huge discounts. Unbelievable savings, and that’s just the thing. The criminal organization is getting premium ad services for free and using them to advertise fake websites that in turn, just collect credit card data. That’s the end goal of this type of fraud, more credit card numbers. I found 13 sites associated with the one noted here, largely copies. Authentication on one site worked on all. They’re taking the credit card numbers and using them in another scam somewhere else.
Hacking into an ad network or partner that spends huge money on ads, allows the criminals to target demographics, regions, and specific people with ads that would normally be very expensive. The level of sophistication in this sort of scam is getting more and more impressive. We all have to be prepared. If you administer some function of social media that costs money to your organization, you need to have 2 factor authentication enabled on those accounts that trigger off of transactions. If an administrator starts getting texts about purchases, they’ll notice the activity and get it shut down faster. If you run an ad network and you see someone start purchasing in a pattern that isn’t normal, that should trigger an alert. For the ad network, using tools that notice behavioral changes will be essential if you want to stay ahead of these criminals in the future.