Facebook sponsored posts selling access to hacked PayPal accounts

Graham Cluley
@gcluley

Have you ever been curious just how much vetting Facebook does before it accepts cash for an ad or a sponsored post?

Judging by what’s popping up in some users’ newsfeeds, the answer is not that much.

Take this sponsored post, for instance, which promotes a website that sells access to hacked PayPal accounts.

Sign up to our newsletter
Security news, advice, and tips.

The website promoted by the sponsored post appears to be Russian in origin, and will charge you different amounts depending on how much money is sitting in the hacked PayPal account:

For a mere $30, you can buy access to a PayPal account with a balance of between $90-$130. $70 will get you someone else’s PayPal wallet with between $330-$400, and if you are prepared to give the website owners’ as much as $470 you are promised access to a hacked PayPal account containing over $2000.

Oh, and if the ad is to be believed you will receive an extra PayPal wallet thrown in for free as part of the deal.

The website claims that the PayPal accounts are “100% valid”, and are not protected by SMS-based two-factor authentication (2FA).

Of course, don’t forget that you are buying something from people who have demonstrated they have no problem with criminality, so don’t be surprised if they rip you off too.

Facebook isn’t doing a good enough job of cleaning up its social network of obviously dodgy sponsored ads, presumably paid for with stolen funds.


If you’re thinking of leaving Facebook, why not listen to this “Smashing Security” podcast we recorded:

Smashing Security #75: 'Quitting Facebook'

Your browser does not support this audio element. https://aphid.fireside.fm/d/1437767933/dd3252a8-95c3-41f8-a8a0-9d5d2f9e0bc6/3e3e8a52-4c1e-45c7-8271-8c13eb312039.mp3

Listen on Apple Podcasts | Google Podcasts | Pocket Casts | Spotify | Other... | RSS
More episodes...

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.