You might just use Facebook for watching funny cat videos, but crooks use it to steal your money and information
17 Facebook Scams You Need to Take Seriously
Beware of scams on Facebook
Facebook can be a wonderful place full of opportunities to learn new things, share the special moments in your life and reconnect with old friends. But there is also a dark side to this popular social media platform: It can be a hotbed for Facebook scams, fraud, misinformation and disinformation.
“Users should approach all social media interactions [on Facebook], whether it is a post, a tweet or a direct message, with a healthy dose of skepticism,” says Eva Velasquez, CEO and president of Identity Theft Resource Center. “Content is not necessarily vetted, and with the number of social media account takeovers on the rise, you cannot be certain you are interacting with someone you actually know.”
With more and more Facebook scams being exposed every day, each new scam is more clever and less detectable than the last. Below, experts share their top online security tips to avoid these nefarious and sometimes quite believable common online scams on Facebook. As a rule of thumb, remember to do your own research, never click on suspicious links and distrust sites asking you to enter personal information—it’s one of the ways social media accounts get hacked. Still got hacked? Here is how to recover your hacked Facebook account.
Fake medical fundraisers
Unfortunately, scammers will often exploit sad stories like a heartbreaking diagnosis or life-threatening disease for their own benefit. They may send messages or create posts on Facebook pretending to be people diagnosed with cancer or recovering from a horrible car accident and ask for help with medical bills. In a similar COVID-19 related scam, fraudsters are claiming to have been stranded, infected or otherwise impaired by the virus and need financial support.
Preying on people’s sympathy and kindness, these con artists will request donations to a GoFundMe webpage or through a third-party app like Venmo or CashApp. The pleas are often sent from copycat Facebook accounts (with real photos and stolen information), which disappear entirely once the money is transferred. Keep in mind that your money isn’t protected if you use a third-party app to donate to a fake fundraiser, which is why Venmo scams, CashApp scams and Zelle scams are so common.
Clickbait scams
One of the newer Facebook scams is known as the “like-farming” or clickbait scam. According to the Better Business Bureau, fraudsters will create posts that are meant to elicit some sort of strong emotional reaction. One method is through offering a tempting sale or promotion on products if the user “likes, comments and shares,” while others aim to get users to share the post as many times as possible through heart-warming pictures or faux-activism posts.
The associated links could potentially put malware on your computer or require personal information (sometimes including credit card or social security numbers) to claim a prize. If a post requires extensive sharing or personal information, it’s best to be wary and check the original source for legitimacy. Facebook scams are sneakier than you might think—this true story of someone who got scammed on Facebook is just one example.
Giveaway scams
Free iPad giveaway? Sign me up! But wait—before you click that sweepstakes link, ask yourself whether it seems real. In this bank scam, many fraudsters create fake giveaways to fool users into sharing personal information like a credit card number or clicking a link that could download a virus onto their phones or computers. These frauds can also take place in the form of Instagram scams.
That said, there are legitimate sweepstakes, raffles and giveaways. “But there’s usually an end goal there,” Velasquez says. Most companies are hoping that the promise of a free iPad (or flight or jewelry) will entice you enough to, say, sign up for a newsletter or buy a product.
In these cases, before you give any personal information to a company, weigh the chances of winning with what you’ll lose once the company knows your email address or phone number. If the company doesn’t store your information securely, hackers could gain access to it and use it for fraud or sell it on the Dark Web. Here’s what you should know about fake ads on social media.
Facebook quiz scams
Your friend just found out what ’80s pop star is their spirit animal, and now you can’t wait to find out yours. Don’t let your curiosity get the better of you, though. Some Facebook quizzes will ask for access to your profile, and others will even go a step further by throwing trick questions into the quiz itself, says Adam Levin, founder of global identity protection and data risk services firm CyberScout and author of Swiped.
Questions like “What’s your mother’s maiden name?” are “purely to gather information because … they could be the answers to security questions” to recover your password, he says. Once hackers have this information, they can use Facebook’s password recovery process to log in to your Facebook account.
It’s best to avoid these quizzes altogether. But if you do want to take a quiz on Facebook, stick to the sites you know and trust, and create fake answers for password recovery questions so they’re hard to crack, says Levin. It might be easy enough for Facebook scams to figure out your mother’s maiden name, so leave an easy-to-remember lie instead. You might be surprised by what hackers can do with just your email address or phone number.
Cloned accounts
Be skeptical if you receive a friend request from someone you could have sworn already had a Facebook page. Sure, some people like to clean house by ditching their old profiles, but other friend requests aren’t so innocent. Scammers will clone a person’s entire Facebook profile, creating a fake profile of a real person.
From there, they can search the original user’s friends list and send their contacts a link for a get-rich-quick scheme or a cute quote. It’s the kind of thing you’d ignore from an anonymous email message, but not from a loyal friend. “They’re banking on the fact that you will trust the message,” says Levin. The problem is, clicking that link could download malware to your computer.
Before you accept a weird friend request, shoot over a text or call the person to confirm it’s not a fake account. Learning how to hide your friends list on Facebook can also protect your contacts if you fall victim to this scam in the future.
Spoofing attacks
Even if you haven’t received a new request, don’t immediately trust a message from a friend you can’t see face-to-face. Hackers can find a person’s password and break into their account, then send spoofing messages or posts to their friends asking them for money or other gifts. The messages are designed to tap into your emotions, causing you to panic and send the money without fully thinking it through.
In addition to using a friend’s profile to carry out a spoofing attack, scammers might impersonate famous people or organizations too. For example, there are dozens of accounts posing as Facebook CEO Mark Zuckerberg, sending users messages with claims that they’ve won money in a “Facebook lottery” and need to send gift cards to claim their winnings. Once they receive the gift cards, the fraudsters disappear.
Spam messages
With “cloning” of social media profiles on the rise, it makes sense to be aware that it might happen to you too. But don’t believe friends automatically. Reportedly, the same exact message has been sent to countless Facebook users, directly from another friend, but it’s a hoax: “Hi … I actually got another friend request from you yesterday … which I ignored so you may want to check your account. Hold your finger on the message until the forward button appears … then hit forward and all the people you want to forward too … I had to do the people individually. Good Luck!”
While forwarding the message won’t spread malware, it does mean you’re unnecessarily spamming the inbox of everyone you know. Instead, search your own name for an identical account to yours, and ask friends if they’ve had any fishy requests from you. Report the fake profile if the warning is legitimate and ignore the message if there doesn’t seem to be a threat.
Fake coupon codes
Liking a store’s or restaurant’s fan page—or even keeping an eye on the ads—can be a great way to stay in the loop when there’s a sale or discounted offering. (But if you don’t love them, find out how to turn off creepy Facebook ads.) If a post shows a promo code and it works, lucky you! You just saved some cash. But be skeptical if you need to give personal information or create an account to unlock the savings. In some Facebook scams, a site poses as a real store but is looking to convince you to share your email address (which can be used in phishing attacks) or other personal information like your credit card number or SSN, putting you at risk of identity theft.
You can avoid these scams by doing your own research on the sale or advertisement. “Open a new browser tab and Google” the store’s official website, says Velasquez. “Go to the source and see what’s going on.” If there’s a genuine promotion, you can bet the store’s official site will let you know.
Facebook Messenger scams
To protect yourself from Facebook Messenger scams, it’s important to stay vigilant against their common tactics. Scammers will often use Facebook Messenger to send users requests for money or fake offers for loans or lotteries. While these messages take many different forms, they all have one thing in common: Fraudsters are preying on our needs or desires to appear generous, be a hero or win money, among others.
If you did not initiate contact with the person who is messaging you—whether it is a friend or a stranger—Velasquez recommends going directly to the source. “People often trust DMs from their contacts because of that connection,” Velasquez says. “However, social media account takeover is so common that we advise people to verify who they are talking to through a different channel, particularly if the message is asking for help, money or information, or it’s from a contact you have not interacted with directly before.”
Phony fundraisers
Particularly after a major tragedy, you’ll see plenty of ads and posts from charities offering to help the victims. While some of those fundraisers really will go to the people who need the support, others could just be scammers preying on your caring spirit, says Levin.
Scams that pop up after natural disasters, mass shootings or other tragedies are typically after your personal information or money. Clicking a link from those schemers could put malware on your computer—or worse, your money won’t go to victims of the tragedy, but straight in the pocket of a crook.
To keep your money safe, do a Google search of the site instead of clicking the Facebook post link, says Levin. Visit a site like Charity Navigator or GuideStar, which both rate nonprofits on how helpful they really are. Seek out a trusted charity instead of donating to the first you see advertised.
Malware attacks
If a friend tags you and a handful of other friends in a Facebook post, your first instinct might be to click the link, even if the video looks suspicious. But don’t be sure that it really was your friend who tagged you—a hacker might have gotten into their account instead.
More than likely, the link sent by the hacker will send you to a site that asks you to download a Flash player update. If you click the link, it immediately starts downloading malicious software, called malware, to your computer.
In another version of a malware attack, a hacker might use your friend’s account to leave you a message warning “OMG look what they’re saying about you” and prompt you to click the link to find out what’s going on. “It’s really about engaging your curiosity and getting your curious nature to say ‘I want to know,’” says Velasquez.
But don’t click! A vague message (such as “Did you see this picture of you?”) is suspect, and clicking it could download malware, says Velasquez. If you do click a suspicious link, watch out for the signs your computer has been hacked.
Romance scams
Think twice before accepting friend requests from people you don’t know—it could be the first step to falling for a romance scam. The interactions start out innocently enough: The stranger on the other end is just looking for friends and starts opening up, and the two of you swap personal stories. Soon, you feel like “real” friends, and there even seems to be a romantic spark.
In reality, this is one of the tricks con artists use to win your trust before scamming you. When they ask you for money or other gifts, you jump at the chance to help this close friend. But the other person has been lying the whole time, working to gain your trust. Now that they have it, they’ll claim they need money for a made-up emergency that keeps snowballing and eventually drains your bank account dry, according to the Australian Competition & Consumer Commission.
Job scams
As more and more people embrace the “working from home” lifestyle, scammers are keener—and better positioned—than ever before to profit off the hype. One way they attempt to sway you is by offering too-good-to-be-true jobs and salaries that would allow users to make an unbelievable amount of money from home. They collect vital data from the users (sometimes including bank account statements, records and social security numbers) and then resell it to the highest bidder on the Dark Web.
In other iterations, the scam takes on the role of a pyramid-like scheme in which the user must first send in money or buy products to reach their “inevitable fortunes.” It’s best to do a little research into the company and not click on any offers that seem unrealistic.
Fraudulent apps
Beware of advertisements for apps or features on Facebook that claim to let you see who views your profile. Facebook has (and shares) a ton of your data, so it would make sense that it also would open the door to let you see who’s been clicking your profile. But that’s one line that Facebook won’t cross, according to its official stance. Even third-party apps don’t have the ability to track who’s been looking at you. If you do see an app or feature that claims it can reveal who’s been watching you, you can report it as a fraud through Facebook’s website or the Apple or Google app stores.
Secret Santa scams
At first, it sounds like a great idea: Some stranger is setting up a “Secret Santa,” where you send one person a $10 gift, and three other people will send you one too. But like those old snail mail lottery ticket chains, there’s no guarantee you’ll get your money back in these Facebook scams. If no one else follows through sending your gift, you might not get anything in return. Even worse? “You just gave your home address to a stranger with a list of stuff you like,” says Velasquez. “Is the return really worth the investment?” Bad actors could use your home address to carry out doxxing attacks, and sharing other personal information could reveal the answers to your password security questions, leaving your account vulnerable to hackers.
Phishing attacks
If you receive a direct message or email from Facebook saying your account is being disabled, take a close look at the sender. Fraudsters are impersonating Facebook in phishing attacks designed to steal your information or sneak malicious software (like spyware or ransomware) onto your computer. The phony messages will include a fake link to recover your account, and the page it sends you to will ask for your login information and potentially other personal data. Never click a link without confirming that it’s legitimate, or you could end up with malware or give away your data by answering the questions. Instead, log in to your account directly through your browser to verify the message.
Facebook Marketplace scams
More than a billion users buy and sell goods on Facebook Marketplace each month—but fraudsters are also using this online shopping platform to steal people’s money. Some Facebook Marketplace scammers may ask you to pay or communicate outside of Facebook, while others might list phony rentals, giveaways or other products. Learn how to spot the red flags of these Facebook Marketplace scams before you go shopping on the platform.
How to avoid Facebook scams
- Don’t click on any suspicious links. Short links or sensational-sounding videos are red flags for scam posts, according to the Better Business Bureau.
- If you receive a notification that your account might be deleted or was hacked, log in directly through your browser rather than through the link provided in the message or email.
- Review your account’s privacy settings regularly, and adjust them to protect your information from people who are not connected to you. Here’s how to make your Facebook profile private so that your information remains hidden from those not on your friend list. Velasquez also recommends reading Facebook’s privacy policies and terms and conditions to understand how your information and data are being used.
- Create a strong, unique password and set up two-factor authentication on your account. Don’t share the authentication code with anyone.
- If you receive an odd or unusual message from a friend through Facebook, get in touch with them outside of Facebook to confirm that the message is real.
- Be on the lookout for strange typos or wording signaling the scammer may not actually be who they say they are.
- Never share personal information like your social security number or credit card info through Facebook Messenger or any other Facebook platforms.
- Delete friend requests from people you don’t know.
Additional reporting by Marissa Laliberte.
Sources:
- Eva Velasquez, CEO and president of Identity Theft Resource Center
- Adam Levin, founder of global identity protection and data risk services firm CyberScout and author of Swiped
- Australian Competition & Consumer Commission: “Dating and Romance Scam: Georgina’s Facebook Fiance Leaves Her Flat Broke”