By taking a swing at a social network account and successfully hijacking it, a cybercriminal opens the door to plenty more potential victims.
Facebook is the main target in such cases because it is such an effective platform for sharing information, which allows bad actors to lure a large number of users.
Malware, spam and phishing links directing users to pages serving carefully planted threats are easily distributed from a stolen Facebook account.
As noted by Nadezhda Demidova, Web Content Analyst at Kaspersky Lab, criminals can use the account for financial gain, “such as extorting money from the hijacked account’s friends. The fraudster can send messages asking people to send money for help.”
Other motives include collecting information for launching targeted phishing attacks and even selling the account to other criminals.
Attackers get hold of a social network account through various methods, ranging from fake notifications, emails sent from a friend's compromised address and forum messages to banners on third-party resources.
In all these cases, the victim can be lured to a phishing page where they are asked to log into a fake social network; the details they enter are then sent to the attacker. A compromised Facebook account can also be used to direct the owner's friends to malicious pages.