If you have a Facebook account, you must realize that you’re at risk of being targeted by fraudsters. With opportunistic criminals doing everything they can to take advantage of a user’s social and psychological naivety, it’s no surprise that scams on social media are at unprecedented levels, and Facebook’s 2 billion+ monthly active users makes the platform super-attractive to fraudsters looking for potential victims.
Read on to learn about some of the most common scams that have occured on Facebook.
On average, over 4.75 billion items are shared by Facebook users each day. Many of these items include links posted to open community fan pages. Unfortunately, many of these links are primarily designed to redirect you to pages that have been infected with different types of malware. Be aware that, unlike in the past, viruses can be downloaded to your computing device just by visiting to an infected webpage.
How fraudsters entice you to click malicious links
- Whenever there’s a big news story, attackers will hijack the story to create posts that contain malicious, clickable links and post them all over Facebook. Clicking the link often leads to a blank page, and users might think they’ve simply clicked on a bad link. But just by visiting that page, malware has already been downloaded to that user’s computing device.
- Attackers create posts with sensational headlines that are designed to appeal to your emotions and entice you to click on the link. For example, “Win a free iPad!” or “Win a trip to Dubai!” More often than not, these posts are scams. They’re an attempt to get you to enter your personal information into a bogus webpage that you’re taken to once you click on the post.
- If any of your friends’ accounts have been hacked, attackers will often create posts that contain malicious links and post them on your timeline. The fact that the post was shared by a friend is designed to lure you into a false sense of security that the link in the post is safe because it is coming from your friend.
- Fraudsters use links to videos with the tag “is this you?” or “Hey (your name), what are you doing in this video lol! ” The message will be sent from someone you’re friends with on Facebook. The aim is to get you to click the link, which either directs you to an infected page or asks you to download an application to view the material.
Spoofed Facebook Phishing Emails
According to Vade Secure, a company that specializes in email security, Facebook ranks second in their list of most impersonated brands in phishing campaigns. These campaigns can take several forms. In one example, potential victims are told in an email that their posting privileges have been temporarily restricted for violating Facebook’s standards.
You may also receive fake notification emails. Basically, they spoof Facebook’s email messaging service to make it look as if you have an official message from the platform. The main objective is to get you to click on a malicious link to a bogus Facebook page. Cybercriminals can also develop spoofed Facebook webpages that mimic the real thing. Once you login with your username and password, you’re handing over your credentials to the cybercriminals that created the page.
If you come across a webpage that prompts you to re-login to your Facebook account, take a good look at the address in your browser’s address bar. It must read ‘facebook.com’. Close any page that either doesn’t start with www.facebook.com or contains something between Facebook and .com. The page is fake.
Hijacked Facebook accounts
Unfortunately, Facebook hacks occur quite often. The New York Post reports that as many as 160,000 Facebook accounts are compromised every day. When an attacker hacks into a Facebook account, the victim’s connections are often the targets, not the account owners themselves.
The attackers can exploit your family and friends by reaching out and asking for money. They will look through your message history to identify the people that you interact with the most. They will then impersonate you and engineer some kind of crisis to convince the people who care about you to send money to a special account to help you out. Some messages will include a malicious link that infects the devices of people that click on it with malware or leads to a bogus web page designed to steal personal details.
For years, fraudsters have been flooding Facebook with tons of discount vouchers supposedly from the likes of the biggest supermarkets and high street stores such as Primark, Waitrose, Morrison’s, Tesco, Aldi and Sainsbury’s. The post includes a clickable link that takes victims to a bogus website where they’re prompted to enter personal information.
Users are also asked to share the voucher with their friends on Facebook. These vouchers exist to steal your personal details and infect your device with malware. As mentioned earlier, simply clicking the link to check out the website is sufficient to download a virus to your computer.
Examples of fake vouchers:
Facebook ad scams
Scam ads on Facebook are bogus ads created by cybercriminals that are designed to not only con people out of their money, but to steal their identity as well as their financial details. According to consumer group Which?, scam adverts aimed at UK consumers have conned almost one in ten people into paying for sham purchases. To facilitate their scams, cybercriminals hijack Facebook accounts and run fake ad campaigns through those accounts using stolen credit cards. Even if those ads only run for a few hours before getting terminated, a few hours are all fraudsters need to see massive returns.
The subscription trap.
The subscription trap is a scam that is targeted towards baby boomers, and different variations of the scam have appeared on Facebook and various search engines. The scam begins with an ad in your news feed that features an intriguing story about one of your favourite celebrity likes. When you click on the ad, it takes you to a fake news article on a spoofed website that mimics Fox News, TMZ, or People magazine. According to the article, the celebrity has created an amazing new skin cream that they can try for a small fee. Model Christie Brinkley was actually used in one of these fake celebrity endorsements for a fake anti-aging skin cream scam. You are encouraged to make a small credit card payment for a “free trial” of the product. At that point, you’re charged $4.99 for shipping.
Although you do get the product which Christie Brinkley has nothing to do with, by purchasing the free trial, you’ve inadvertently signed up to an expensive monthly subscription which can only be cancelled by cancelling the credit card used for the purchase. Within a month of paying for that product, another charge is made on your credit card. It is estimated that fraudsters have stolen more than $1.3 billion from unsuspecting users with this scam.
In the UK, baby boomers were hit with scam ads on Facebook promoting CBD oil falsely endorsed by Fern Britton and David Attenborough. According to one victim, the ad promised a sample for £2.50, but £170 was later removed from her bank account.
Fraudsters are setting up ads on Facebook without any intention of delivering those products to customers. Ads are hooking victims by offering these products at insanely low prices. And scammers are able to target users with many different types of scams based on their likes, interests, age, location and behavior. Furthermore, if you happen to click on one scam ad, you’re likely to see more of those ads because of the way the Facebook algorithm works. What you must always keep in mind is that if it sounds too good to be true, it is definitely too good to be true.
Cryptocurrency investment trading software scam.
The cryptocurrency scam is one of the most prolific internet scams that has ever appeared on the internet. The scam has appeared on Facebook, MSN News, Twitter, Instagram, and many search engines including Google and Yahoo!. Individual losses have been as high as £200,000, and it has impoverished people in several countries with many victims around the world losing their homes and assets.
How does the scam work?
There are countless variations of the scam, but generally, they all proceed in the same way. The scam begins with a potential investor searching for terms related to Bitcoin or cryptocurrencies. The budding investor is then presented with a fake news story in their newsfeed that features a well-respected, famous celebrity appearing to discuss a specific bitcoin investment scheme. Who you see in your feed will depend on where in the world you live. For example, users in France might see football sensation Kylian Mbappe, users in Australia might see actor Chris Hemsworth, and so on.
After clicking the advertisement, the unsuspecting user is automatically directed to a spoofed website that is built to resemble a well-known mainstream media publication. For example, if you are in the UK, you could be redirected to a fake Mirror news website using a stolen image of the celebrity that was featured in the fake story in your newsfeed. Other users may be directed to a fake BBC news page featuring different famous personalities appearing to endorse the bogus bitcoin investment scheme.
Using highy trusted websites and famous faces are designed to build trust in the product. The fake news stories all claim that the featured celebrity made an astronomical amount of money using a revolutionary automated cryptocurrency trading software which touts itself as “software which enables anyone to trade Bitcoin profitably.” In reality, the news stories are fabricated advertorials, the software doesn’t exist and there are no profits to be made.
If you choose to believe the hype, you’re asked to scroll down to sign up if you want to earn “life changing amounts of money”. Those sucked in by the well-known faces and promises of quick riches register for an offshore CFD (contract for difference) broker.
Shortly after signing up, you’re contacted by an “investment manager” who convinces you to get the ball rolling by purchasing £250 worth of bitcoin. Once you sign up, you’ll receive a link and login details by email to a bogus trading platform.
Over time, your bitcoin value will appear to soar, and the investment manager will keep contacting you to encourage you to buy more and more bitcoin. For example, if you invest £5,000 into the scheme, your investment will be valued at £50,000 on the platform. But once you decide to cash out, the investment manager will transfer some funds to your bank account which is often enough to reassure some people to continue investing rather than cashing out.
But when you do decide to cash out, the investment manager will submit a request for their 10% commission, which you’re required to pay into a bank account before you can cash out. Once that payment is made, you’ll never hear from the investment manager again.
In the UK, at least 108 people claimed they had lost just under £1.5 million in total to the scam.
Fake goods on spoofed websites
Counterfeit products are being peddled by fraudsters impersonating big high street names. What fraudsters will do is use website spoofing to create malicious online shopping sites that are replicas of legitimate and established retail websites. These spoofed websites will have the corporate logos, fonts and brand colours of the real sites. These malicious online shopping stores are hosted by legitimate e-commerce service providers like Shopify.
There are a lot of scammers that operate Shopify stores because the platform has a low barrier or entry, and it’s very easy to get a Shopify store up and running within hours. These scammers also make sure that the country that they’re based in is one with lax fraud prosecution laws. This makes Shopify a perfect platform for scammers.
What these fraudsters will then do is steal photos of branded images and retailers’ stock from legitimate websites and feature these products on their stores at knockoff prices, lower than you can find anywhere. They will then setup Facebook and Instagram ads using the stolen photographs and brand images. When you click on the link in the Facebook ad, you are redirected to one of these spoofed websites which looks exactly the same as the retailers.
How to identify a fake website
Cybercriminals are very good at what they do, so it can be difficult to identify a spoofed website. But the last thing you want to do is to enter your financial details into a fake website. This means you need to be super vigilant when shopping online. Here are a few things to look out for when identifying a fake website.
1. The domain name is fishy. This is often the best way to identify a spoofed website. Many of these websites even use HTTPS, so it can sometimes be difficult to tell that you’re on a scam website. But if you take a closer look, you’ll see that the domain name will always be off, 100% of the time. And even though these fake websites will sometimes use a domain name that references an established brand name, it will never be the actual brand name. For example, instead of www.asos.co.uk, you may be taken to something like www.asosdiscounts.com or something like www.discountbrandstore.com.
2. The offer is too good to be true. If it sounds too good to be true, it is probably a scam. Fraudsters target bargain hunters by advertising fake or counterfeit products at heavily discounted prices, using stolen photos or branded images.
3. They use odd payment methods. If you buy something that doesn’t turn up or turns out to be counterfeit with a credit or debit card, you are entitled to get your money back. Fraudsters are well aware of this, so they will often ask for payment by bank transfer or some other methods. If you’re asked to pay via bank transfer, wire transfer or some other method, that should be a major red flag.
4. Take a closer look at different pages on the site. Look for contact information. If there is no contact information and all the site offers is a form to fill out, consider that a red flag.
Facebook Marketplace is an online shop similar to sites like Gumtree and Craigslist. It allows users to flip old items they no longer need or buy second-hand goods in their local area.The platform has added Facebook Checkout which provides some degree of protection from scammers through Facebook Purchase Protection. Nevertheless, you should always have your guard up when doing business on Facebook Marketplace.
Here are potential scams to watch out for on Facebook Marketplace.
- Counterfeit or fake products: a seller advertises genuine products at an incredibly low price, but when you receive the item, you discover the item is either fake or doesn’t work. If the seller is in your local area, try to inspect the item before you pay for it.
- Criminals often use Facebook Marketplace to quickly get rid of stolen goods, especially things like bicycles, tablets, laptops and smartphones. Buying stolen goods can get you into a lot of trouble with the police if they’re traced back to you, so be cautious when buying.
- If you will be using PayPal to pay for an item, never select friends and family payments. If you do, you’ll never be able to dispute a transaction if something goes wrong, and fraudsters are well aware of this. If a seller insists on that method of payment, consider it a major red flag.
- If you’re selling anything, avoid using Venmo as a payment processor. The app forbids using the platform to receive funds for selling anything. It is also often used by scammers to buy items using stolen credit cards. Sellers have suffered huge losses with buyers using the app.
Before you do business with anyone on Facebook Marketplace, first of all make sure that the person has a full Facebook profile with history. If you see only a few pictures, very few or no friends or the profile was only recently created, consider that a major red flag. If you’re selling anything, be wary of anyone who insists on one form of payment.
How to avoid being scammed on Facebook
Facebook has been putting a lot of effort into tackling scams on the platform, and you can do your bit by report ingsuspicious activity directly to Facebook.
Facebook has also launched a scam fighting tool to combat scams on social media. In addition, Facebook has also donated £3m to fund Citizens Advice Scams Action, a new anti-scams project now providing one-on-one help to people who have been victims of scams.
But the scammers are still out there. Here are some things you can do to protect yourself.
- Update your Facebook settings so that you are notified and have the ability to allow or disallow tagging of your profile by anyone.
- Uninstall apps that ask for permission to access your Facebook credentials. These apps are often spyware.
- Do not save login information on your smartphones or browsers.
- Logging into your Facebook account over a public computer or shared computer can leave your account at risk.
- Remove malicious Facebook applications.
- Don’t forget to log out of your account whenever you use shared computers.
- If you receive a message that looks suspicious, report it to Facebook by tapping the ‘Something’s Wrong’ button.
- If your account wasn’t just compromised, but the hacker is actually sending out spams to your friends, report it to Facebook via Facebook.com/hacked.
- If you received an email supposedly from Facebook that looks suspicious, forward it email@example.com.
- Always keep in mind that Facebook will never send strange links or attachments in their emails. If you get any of these emails, report it.
- If you’re being targeted by anyone on Facebook, you can block, report, ignore or delete their messages.
- If you suspect that something is not right with a particular account, report it.
- If you have received notifications from Facebook that you find suspicious, you can report them by clicking here.
- If you purchase a product that never arrives, you can report the seller. To do that, visit the seller’s profile, which can be found at the bottom of the product profile. Tap on the “Seller Info” section, and there you’ll find a “Report” button.
If you’ve been the victim of scam, you can report it to Action Fraud on 0300 123 2040 or use their online reporting tool.