The revelation that the U.S. National Security Agency impersonated Facebook in order to spread malware on suspect computers is probably not the only instance of the agency masquerading as a popular site to get data, security experts say.
"I'm sure it already has. This tactic is not only for intelligence use, cybercriminals use the same tactic," said Jeff Bardin, founder of Treadstone 71, a cyberintelligence firm.
"This news is not surprising at all. You are going to use any tactic to collect information, this is not a new tactic, people may act surprised, but this is nothing new," he said.
According to data recently leaked by Edward Snowden, the NSA lured people into visiting what looked like a normal Facebook page, but was actually "using the social media site as a launching pad to infect a target's computer and exfiltrate files from a hard drive." The information was first reported in The Intercept by Ryan Gallagher and Glenn Greenwald.
Bardin, who is a former Air Force intelligence officer, said that it's also common for cybercriminals to build a website that looks exactly like the target website and set it up so that a visitor can enter their credentials and then be transferred to the actual site.
Facebook did not respond to CNBC's request for comment, but company spokesperson Jay Nancarrow, who was cited in The Intercept report, said that "the company had no evidence of this activity." Nancarrow also noted that the NSA could have used this tactic on any website.
"If government agencies indeed have privileged access to network service providers," Nancarrow told The Intercept, "any site running only [unencrypted] HTTP could conceivably have its traffic misdirected."
"The US government should be the champion for the internet, not a threat," he wrote. "They need to be much more transparent about what they're doing, or otherwise people will believe the worst. I've called President Obama to express my frustration over the damage the government is creating for all of our future. Unfortunately, it seems like it will take a very long time for true full reform."
Facebook implemented HTTPS encryption for its users last year, making users' browsing sessions safer. Many other tech companies, including Google and Yahoo, also use this type of encryption to protect all communication over their servers. But even HTTPS, which greatly improves secure browsing, isn't foolproof, security experts said.
The NSA code-named its technique of posing as Facebook "QUANTUMHAND" and began using the method in 2010, according to the report.
"Any website could conceivably face this problem," Bardin said. "There's no end to this."