If you have a Facebook group or are a member of one, here’s a threat to worry about – if it already hasn’t happened to you.  Scammers are stealing Facebook groups by changing passwords and emails. Once they control it, they can sell it on the black market to buyers who can make money from the group members – or even get their emails and personal identity information to scam them, too.

I became aware of this scam because my own email account and the two groups I set up in the account were stolen about four months ago and my own posts were removed.  Then nothing seemed to happen.  A post I wrote in the groups about the theft was left pending, and the last posts from a few other people remained as of mid-September.  My associates with posts in the group heard nothing either.

Then, a few days ago, I suddenly got a notice that my long-pending post was now posted, and when I went to the group, I discovered there was a new administrator, and the following day, a second adminstrator.  But they had different names than the email of the scammer who took over the group. So who were they?  One man seemed to be living in a village in Italy; the other one seemed to be a family man somewhere – but neither had any friends or followers. The groups were also suddenly acquiring dozens of new members as if they were being advertised somewhere. Then, a few of the members started posting – several offering assistance or referring others offering assistance in recovering money or groups, which are usually scams. One woman wondered if others had encountered a scam by a particular marketplace that took her money.

That’s when I began wondering how did these new administrators or owners get the group? At least they didn’t seem aware that I was the previous owner, so I began looking up information on the new posters as well as on the practice of buying and selling groups. I found two online articles about this practice, along with a couple of sites that offer groups for sale. I also asked some writing, ghostwriting, and publishing Facebook groups where I am a member about the sale of stolen groups, and no one had heard of this problem, which doesn’t seem widely known. Thus, I have written the first of these articles about the theft and resale of these groups.

For this one, I wondered what ChatGPT4 might know about the scam, and here, with some extensive editing by me, is what AI had to say.  I began by asking:
“Please write me an article about how Facebook groups are being stolen by changing passwords and replacing emails, and then those groups are sold by scammers on the black market, although this is illegal. Describe why the groups are sold and bought, for how much, and how buyers can use the groups to make money from group members or get their emails to get money and personal information from them.”

Here’s what I learned.

The Growing Theft and Sale of Facebook Groups

The illicit trade of Facebook groups has become a significant concern in the digital world. Scammers have devised a new method to hijack Facebook groups, turning them into commodities for illegal trade. This method involves replacing the email addresses associated with the group’s administrator accounts, effectively transferring control to the new owner, then selling the newly acquired group as an asset. The process undermines the trust and integrity of online communities. It highlights their vulnerabilities and the darker aspects of social media.

How a Theft Occurs

The theft of a Facebook group typically begins with hackers or scammers gaining unauthorized access to the group’s administrative controls. Scammers achieve this through various means, including phishing, social engineering, or exploiting security weaknesses. For example, they might use a phishing attack in which they pretend to be sending a message from Facebook or other authority, so they trick group administrators into revealing their login credentials. Once these credentials are obtained, the scammers change the group’s password and email address, effectively locking out the original administrators and taking full control of the group.

The Black Market for Facebook Groups

Once a group is under their control, scammers turn to the black market to sell these groups. The value of a Facebook group largely depends on its size, activity level, and the niche it caters to. Prices can range from a few hundred to several thousand dollars. This illegal market thrives in hidden corners of the internet, often on dark web forums or through encrypted communication channels.

Why Are Groups Sold and Bought?

The primary reason for the sale and purchase of Facebook groups is their potential for monetization and influence. Groups with large, engaged audiences are particularly valuable. Buyers, often marketers or individuals looking to promote specific agendas, are willing to pay high prices for access to these ready-made communities. Though buyers may be aware that selling and buying these groups are illegal, they are enticed by the ability to monetize the group in various ways due to its established audience.

Thus, buyers purchase these groups for various reasons:

Monetizing the Audience:
The larger the group, the greater its potential for monetization through ads, sponsored posts, or direct sales.

Marketing, Advertising, and Promotion:
Some buyers see these groups as ready-made platforms for marketing products, services, or ideologies to a large, engaged audience. Since the members are already interested in the group’s niche, they represent a targeted audience for directed marketing, advertising, and promotional campaigns.

Spreading Information or Propaganda:
Political groups or activists might purchase these groups to disseminate specific ideologies or information.

Data Mining:
Unscrupulous buyers may engage in data mining through extracting personal information about group members. This information can be used for targeted advertising or even sold to third parties.

Affiliate Marketing:
By posting affiliate links to products or services, group owners can earn commissions on any sales generated through these links.

Membership Fees:
Some groups might charge fees for exclusive content or privileges within the group, so the new owners turn the group into a source of direct revenue.

The Legalities and Ethical Implications of a Sale

The sale and purchase of stolen Facebook groups are unequivocally illegal. The transaction constitutes the theft of digital property and violates the terms of service of the platform. Furthermore, the transaction breaches the trust of group members who joined under different pretenses and can lead to the spread of misinformation or unwanted commercial content.

The Risks for Group Members

Besides being illegal, the takeover and sale of Facebook groups pose significant risks to group members. They may be subjected to unwanted advertising, misinformation, and potentially malicious content. Additionally, their personal data could be at risk of being harvested and misused by the scammers.

Combating the Problem 

Facebook has implemented various security measures to combat the unauthorized takeover of groups, such as two-factor authentication and alerts for suspicious activity. However, ultimately, group administrators have to take steps to safeguard their group through safe online practices, such as being cautious of phishing scams and regularly updating their security settings.

For example, a day after I discovered my lost Facebook group was suddenly active again, I got a notice from Facebook about a request to change my password, with a link for changing it, or alternatively, I could click a link indicating that I hadn’t made the request.  I quickly chose that option; then I checked my security settings to make sure I had 2-Factor Authentication in place, which I did.  

Some of the ways you can protect your own group include the following:

Strong Security Practices:
Use strong, unique passwords for your Facebook account and change them regularly. Enable two-factor authentication (2FA) for an added layer of security.

Regular Monitoring:
Keep a close eye on email notifications from Facebook, especially those related to account or group settings changes. Let Facebook know quickly if it wasn’t you who made a request to make any changes.

Educate Group Members:
Inform your group members about these scams and encourage them to report suspicious activities to you and to Facebook.
Limit Administrative Access: Be cautious about who you assign as admins or moderators. Regularly review your group’s admin list and remove inactive or unknown admins.

Backup Group Data:
Regularly download a copy of your group’s data. This can be helpful if you need to rebuild the community.
What to Do If Your Group is Stolen

If there is an attempt to steal your group or it has been stolen, you need to act quickly to keep or recover your group.  Unfortunately, I didn’t do that when my group was stolen.  Instead, I ignored warnings from Facebook until it was too late, since I thought the warnings were actually efforts by scammers to get my emails, rather than real notices from Facebook to secure my account. 

Here’s what you can do.
Immediately Report Any Unauthorized Activity to Facebook: If you notice unauthorized changes, report it to Facebook immediately. They have a process for investigating and potentially recovering compromised accounts and groups.

Gather Evidence of Your Ownership:
Document any evidence of unauthorized changes or communications that might help you prove your ownership of the group. For example, gather evidence such as screenshots or communications related to the theft in order to support your claim.

Contact Law Enforcement:
If the situation warrants, report the theft to local law enforcement or to federal fraud authorities, especially if there’s substantial financial loss or identity theft involved. Even if they can’t investigate your individual case, you might use your report for insurance purposes.

Seek Legal Advice:
If you experience significant damage or theft of personal data due to the theft of your group, consider seeking legal advice. You might be eligible for insurance or other protections.

The Risk of Being a Member of a Stolen Group

There is also a risk in being a member of a stolen group, whether you were there before it was stolen or joined afterwards. The major risks are these:
You may be subjected to unwanted advertising, misinformation, and potentially malicious content.
Your personal data could be at risk of being harvested and misused. For example, the scammers might attempt to get your email or Facebook account password, so they can access your account.

The new owners might try to find out who your friends or other Facebook contacts are. Then, they might send information to them or seek to get email or other information from them.

What to Do If You Suspect a Group Has Been Stolen or Want to Warn Others about the Dangers of Theft

Sometimes you may encounter a group that appears to have been stolen, such as if you get an email from the group’s administrator promoting a product or service or seeking information from you. Or maybe you get an unusual mailing or don’t recognize the name of the administrator. 

Here’s what you can do to send out an alert about the situation.

Use Facebook’s Report Feature: If you suspect a group has been stolen, use the “Report Group” feature on Facebook. Provide any evidence or reasons for your suspicion.

Alert Others in the Group about Potential Thefts of Facebook Groups: Encourage other group members and admins to be vigilant in case the group becomes a target. Collective reporting can often prompt quicker action from Facebook.

What Facebook or Authorities Might Do

Facebook takes the security and integrity of its platform seriously. Once a scam or unauthorized access is reported, they have mechanisms to investigate and take appropriate actions, which may include restoring groups to their rightful owners or shutting down groups that violate their terms of service.  However, the effectiveness of their response can vary.

Sometimes it can help to report a theft of a group, particularly if you had a large number of members – say 5000 or more – to the various agencies policing the internet, including the Federal Trade Commission, Internet Crime Complaint Center (IC3), and FBI.  While these agencies may not be able to handle your problem individually, they may be able to take some action against the sites selling illegal Facebook groups or against the big buyers of these groups.  As a result, providing updates to Facebook’s security department and cooperation with law enforcement can help curb these scams.

The Size of the Black Market for Facebook Groups

The black market for buying and selling Facebook groups exists on a couple of websites which turn up in a Google search, which is unusual, since otherwise there are a lot of cautionary postings in response to questions about how this is illegal. Presumably, there may be other sales sites on the dark web, and it would seem this market is difficult to police, since the buyers and sellers are located in different countries around the world.  So it’s like the Wild West out there.

The exact number of individuals affected by the theft of Facebook groups is difficult to ascertain, too. This is primarily due to the varying sizes of groups and the often secretive nature of these thefts. Another difficulty is that large groups with thousands of members can significantly inflate the number of affected individuals. Then, too, group members may not immediately realize that a group has been stolen or compromised.

Identifying the number of sellers of Facebook groups is equally challenging. These operations are typically conducted anonymously and often through encrypted or hidden channels. The number of sellers can fluctuate, with new ones emerging as others are shut down by law enforcement or security measures implemented by social media platforms.

It is also difficult to name the marketplaces for buying and selling Facebook groups, because these often operate on the dark web or through encrypted channels. Additionally, these marketplaces can frequently change names, web addresses, or methods of operation to evade detection. Also, I don’t want to mention the names of the two I discovered, since these are run by sophisticated hackers and scammers who might retaliate.

What Can or Has Been Done about These Illegal Sales

Efforts to crack down on the sale of stolen Facebook groups involve a combination of law enforcement actions and security measures by social media platforms:
Social Media Platform Security: Platforms like Facebook have implemented security measures such as two-factor authentication and algorithms to detect unusual activity, which can help prevent unauthorized access to group accounts.
Law Enforcement: In some cases, law enforcement agencies may get involved, particularly when there’s a significant breach or a large-scale operation.
Public Awareness: Educating group administrators about the risks and signs of phishing attacks and other scams can help prevent these thefts.

An Epilogue to My Story 

Ironically, after writing this article, I discovered that the new administrator of my stolen group didn’t even know why he had become the administrator, since he had only joined the group a few months before. I had also thought he had an odd background for a scammer since his profile indicated he was from a village in Italy.

It became clear he wasn’t involved in the original theft or purchase when he posted this message, which even cautioned about scammers:
“Hi Everybody, I am not quite sure how I became Admin of this group.  Anyways. Please watch out for the other scammers… The “hackers” who say that they can get your money back for you.  That’s all rubbish. The best and perhaps only option is to go to the authorities, police and court of justice/lawyers.

Maybe it’s easier, but not necessarily, if we can meet with other victims of the same scammer. However, meeting people here it’s very difficult.
I would suggest that, if you got scammed, first search Facebook for a group with the same name as the scammers. If there is no such a group, then you open the group, brand new, from scratch. The name of the group should say: scammed by, and then the name of the scammers: Scammed by XYZ.

So, when a victim looks for XYZ scam, they find the group and other fellow victims.  Then that group can be advertised here, if you want. No problems.
Keep strong guys, and never give up!”

To answer his question about becoming the group admin, I commented:
“Maybe some scammer bought it and attached your name to this. Can you check if there has been any unusual activity in your own Facebook account. Maybe a scammer is using your name as a cover, since there is a market for the illegal sale and purchase of stolen Facebook groups. Then they try to market services, including recovery of money, to group members or get their emails or personal information.”

But the new admin had no idea why he was selected, responding back.  “No, no unusual activities.  I did join the group few months ago. Then few days ago I was made admin.  I thought it was you who made me admin? It seems you are still admin?  Or that’s another profile?

And so the mystery remains. Why did a scammer steal my group? And why select a group member as an administrator? Maybe I’ll have some answers in a future article on this topic.

Summing Up

In sum, the theft and sale of Facebook groups is a serious problem that seems little known but has been affecting an increasing number of owners whose groups are stolen. Scammers are buying and selling these groups because they can make money from the sale, and buyers can monetize the groups they buy through marketing, advertising, and promotion to group members. Plus buyers can find ways to obtain the personal information of group members to be used in other scams.

The key to protecting Facebook groups lies in preventive measures, awareness, and quick action in case of a breach. While Facebook may take some actions to combat these scams, group owners and members need to be proactive to safeguard their group from being taken over and sold on the black market, such as by acting quickly if they experience attempts to get their password or replace their email for their account.  Additionally, it’s important to report such attempts or losses to Facebook, so they can further investigate and, as possible, restore stolen accounts or stop the scammers from further thefts and sales.