Cybercriminal steals 1 million Facebook account credentials over 4 months, firm says

(Editors note: The email address has been pixelated) In this photo illustration a spam 'Phishing' email is displayed on a laptop screen on March 21,2022. (Peter Dazeley/Getty Images)

Phishing scams are an ongoing problem for unsuspecting users on social media platforms when their personal information is stolen or compromised.

Hundreds of Facebook users fell victim to this scam after an intelligence company discovered a cybercriminal stole one million Facebook account credentials in four months.

Facebook, which has 2 billion users worldwide, reported a major security breach in 2018 in which 50 million user accounts were accessed by unknown attackers. 

RELATED: Facebook says 50 million user accounts have been affected by a security breach

PIXM, an anti-phishing company, discovered that a fake login portal was used as a substitute for Facebook’s landing page. When people entered their account information on the page, their information was stolen. 

PIXM detailed their findings on their website sharing that they found about 400 unique usernames linked to different Facebook phishing landing pages linked to the same fake page. As their investigation continued, they discovered traffic monitoring information on the cybercriminal’s page and hundreds of other fake landing pages.

RELATED: Whistleblower claims Facebook fed US Capitol riot, magnified misinformation

The team traced the origin of the phishing scam to a cybercriminal in Colombia and an email address used in the online attacks.

How to spot phishing scams

According to the Federal Trade Commission, phishing is a type of online scam that targets consumers by sending them an e-mail that appears to be from a well-known source – an internet service provider, a bank, or a mortgage company, for example. It asks the consumer to provide personal identifying information.

The agency says a scammer uses the information to open new accounts, or invade the consumer’s existing accounts. 

The FTC offers several tips you can follow to avoid phishing scams, including not responding to e-mails or pop-up messages that ask for personal or financial information.

FOX 9 Minneapolis, FOX 5 DC, and the Associated Press contributed to this story. This story was reported from Washington, D.C.