The Facebook hacking service, which is delivered via a professional-looking website, was discovered by a security vendor and charges just $100 (£61) per account. However, those who sign up for the service could find themselves becoming the victims instead.
Users of the service are required to first register with the site and then provide an ID of the Facebook account they want hacked, said Luis Corrons, technical director of PandaLabs.
Users who enter the ID and click on a 'Hack it' button are then presented with the username of the owner of the Facebook account. They then have the option to 'Start Facebook hacking'.
Those who follow the instructions are eventually told that the hack was successful and a password for the account was retrieved. But to actually get the password, the user is then required to send $100 via Western Union to an individual in Kirovohrad, Ukraine. It's not clear whether sending the money will yield any login and passwords, Corrons said.
But the way the site has been designed and the ease with which a potential client can interact with it lend it a certain degree of credibility, he said. The site contains an FAQ section, which claims the site has been in business for more than four years.
The site even provides a link to a Webmoney account that in fact does appear to be four years old, Corrons said. However, the domain itself appears to have been registered by someone in Moscow only a couple of days ago, he said.
"We've been looking at it and we are 99.9 percent sure it is a ruse," to get people to pay up money in exchange for what they think will be legitimate Facebook credentials, he said.
At least as of the last time PandaLabs inspected the site, it was not downloading or distributing any malware and seems to have been set up purely to scam those seeking to gain illegal access to Facebook accounts, Corrons said.
Those who do fall for the scam are unlikely to go to law enforcement to report it, he said.