Talos' researchers Jon Munshaw and Jaeson Schultz said in a blog post that these groups had approximately 385,000 members.
The duo said these groups were quite easy to find. "A simple search for groups containing keywords such as 'spam', 'carding', or 'CVV' will typically return multiple results," they wrote.
"Of course, once one or more of these groups has been joined, Facebook's own algorithms will often suggest similar groups, making new criminal hangouts even easier to find. Facebook seems to rely on users to report these groups for illegal and illicit activities to curb any abuse."
"Eventually, through contact with Facebook's security team, the majority of malicious groups was quickly taken down," they wrote. "However, new groups continue to pop up, and some are still active as of the date of publishing (5 April, US time)."
The researchers said similar groups had been unearthed by former Washington Post employee Brian Krebs in April 2018. They said that months later, even though the groups identified by Krebs had been deleted, a new set of groups, with remarkably similar names, had sprung up.
Credit card numbers and CVVs offered for sale by one of the groups.
Munshaw and Schultz mentioned several posts in the groups they had found, some of which were selling credit card numbers and the accompanying CVVs, at times with ID documents or photos which belonged to the victims.
They also found people selling access to long email lists, the ability to move large amounts of cash and sales of shell accounts at various private and public organisations.
The two researchers said it was not known how legitimate or successful these users were.
"There are often complaints posted by group members who have been scammed by other group members," they wrote. "In most groups, there is a particular etiquette and form to the posts. Typically sellers will describe what they have versus what they want. Almost all transactions are 'you first' (written as 'U_f', 'uf', etc.), meaning the person interested in making the purchase or trade has to pay or provide their service or product up front.
A list of email addresses offered for sale.
"Like many other Facebook groups, these scammer groups also exist as a forum for scammers to share jokes about some of their less successful campaigns."
They said that so far, Facebook had apparently relied on these communities to police themselves, which, for obvious reasons, they were unwilling to do.
"As a consequence of this, a substantial number of cyber-scammers have continued to proliferate and profit from illegal activities. Operating with impunity, these attackers relentlessly probe cyber-defences of enterprises everywhere. This is a high-stakes endeavour because an attacker with even the smallest foothold inside an organisation can do considerable damage," the pair said.
Screenshots: courtesy Cisco's Talos Intelligence Group