The News Desk

Criminals buy Facebook ads that lead users to phishing pages

Facebook didn’t disclose if it validates the ads before publishing.
Criminals made pages requesting full credit card details from victims.

Following reports from readers, Linha Defensiva has confirmed that ads shown in Facebook can lead users to pages created for the sole purpose of stealing data, such as credit card numbers and personal details. Brazilian criminals are purchasing the ad space, and using famous people and generous — but fake –offers to lure users into giving up their data.

Phishing ad space on Facebook.

In one case, an ad informs the user of a promotional campaign by Cielo, a VISA-owned payment processor, and Rodrigo Faro, a TV host.

According to the ad, the user must only register in order to be eligible for a prize of “up to R$ 100,000 (US$ 50,000).”

If the user clicks the ad, a page requesting all the user’s card details is shown.

Fake promotional page requests full card details from the user.

In another phishing attempt, the criminals offer an iPhone 4S for only R$ 440 (US$ 220). The price is about four times lower than the retail price of the phone practiced by Apple (R$ 1,999). The page again requests the full credit card details from the user.

Both pages are not maintained by who they claim to be.

Linha Defensiva asked Facebook about the social network’s procedures to validate ads. That question went unanswered. Facebook only said that such ads are not allowed according to its advertising terms, and that users can report a fraudulent ad by filling a form.

  • Hannu Hyrynkangas

    I see ads from criminals in facebook almost daily, usually they try to steal creditcard information by selling something extremely low price. Recently it has been 1 euro iphone.