Scammers just love Facebook! It allows them to quickly and cheaply reach huge numbers of potential victims. And, Facebook is completely free, very easy to use, and accessible to people at all levels of Internet savviness. So, alas, there is a never ending supply of naive and inexperienced users that Facebook scammers can target at will.
Here I summarise four scams that target Facebook users around the world every hour of every day. Perhaps you are already well aware of these scams. But, what about your friends, family members and work colleagues? I’m betting that at least a few of them are potentially vulnerable. You can help stop scammers in their tracks by making sure at-risk Facebook users know how to recognise and deal with these four all-to-common Facebook scams.
1: Facebook Phishing Scams
Facebook phishing scammers want your personal and financial information. They want the login credentials for your Facebook and email accounts. They want your credit card numbers. They want to steal your identity.
One very common way that online criminals achieve all of these goals is by sending you fake messages that claim that your Facebook account is about to be disabled or suspended. The messages, which may arrive via Facebook’s internal messaging system or via email, appear to originate from official entities such as “Facebook Security”, “Facebook Admin”, or the “Facebook Ads Team”. Typically, the messages warn that your account has been reported by other users or is in violation of Facebook’s Terms of Service and is therefore about to be closed permanently. But, claim the messages, you can avoid the pending account closure by clicking a link to “confirm” or “verify” your account.
If you do click the link, you will be taken to a fraudulent website that has been built to look like it is part of Facebook. Once on the fake page, you will be asked to log in with your Facebook account email address and password. You will then be taken to further fake forms that ask for your email account password, your credit card details, and a lot of other personal information. After submitting all of the requested information, you may receive a final message claiming that you have successfully avoided the account suspension.
Meanwhile, the criminals can collect the information you supplied and use it to hijack your Facebook and email accounts. Once they have gained access, they can use the compromised accounts to launch further spam and scam campaigns, including more Facebook phishing scams like the ones we are discussing here.
They can also use your credit card to make fraudulent purchases. And, if they have gathered enough of your personal details, they may even be able to steal your identity outright.
Keep in mind that, if Facebook needs you to deal with an account issue, you will be notified about the issue when you log in to your account. You will NOT receive such a warning via email or private message that threatens an account suspension if you do not click a link. If you receive such a message, just delete it. Do not click any links in the message.
This Hoax-Slayer YouTube video describes these “account disabled” phishing scams in more detail:
In other types of Facebook related phishing scams, you may be tricked into clicking a link in a personal message from a friend. The message may claim that the friend has seen you in a compromising photo or video and you should click to access it. Or, the message may claim that you should click to view a “breaking news” report or “urgent” warning. Again, the link will lead to a fake Facebook site that is designed to steal your login credentials and other personal information. You receive these messages because your friend’s Facebook account has been hijacked by scammers and used to distribute more of the same scams. You can read more information about these scams here.
It is always safest to login to Facebook either by entering the address into your browser’s address bar or via an official Facebook app.
2: Facebook Cloning
Facebook cloning describes a technique in which scammers create a fake Facebook profile by using images and other information stolen from a targeted user’s real Facebook profile.
The scammers may be able to create a profile that – at least at first glance – looks very much like the target’s genuine profile. Especially if the victim has all or some of his or her profile material set to “public”.
Why would scammers do this? Once the scammers have created a fake profile, they can send friend requests to people on the targeted person’s friends list.
At least a few of the victim’s friends may accept this second friend request because they mistakenly believe that the victim has accidentally unfriended them. Or, people with a large number of Facebook friends may have forgotten that they were already friends with the victim and accept the second friend request. And, regrettably, some Facebook users tend to immediately accept friend requests without due forethought.
Once the scammers have a few “friends” on the fake profile, they can then start sending scam messages in the name of their victim.
You can read a lot more information about Facebook cloning and how to protect yourself from it in this dedicated Hoax-Slayer report on the topic.
3: Facebook Lottery and Grant Scams
Advance fee scammers often create scam messages claiming to be from high-profile companies such as Coca-Cola, Mercedes, or Microsoft. And, these days, Facebook is often their company of choice.
An increasing number of advance fee scam messages purport to come from Facebook. Typically, the messages claim that the “lucky” recipient has won a large cash prize in a promotion, lottery or award organised and managed by Facebook. Some are quite crude. Others are more sophisticated. A few even claim to come directly from Facebook CEO Mark Zuckerberg himself.
Some arrive via email. Others may be distributed as private messages from within Facebook itself, often via hijacked or cloned accounts.
Details in the messages may vary. As may the method by which they are distributed. But, all claim that “winners” can collect their unexpected prize by contacting a designated agent or department.
Those who make contact as instructed will soon be asked to pay various upfront fees, ostensibly to cover unavoidable expenses such as bank fees, tax payments, insurance, or delivery costs. The criminals will claim that these fees cannot be deducted from the prize itself for legal reasons or company policy.
Alas, no matter how much money victims send, they will never get the promised prize, which never existed to begin with. And all of the money they send will line the pockets of the greedy criminals running the sting.
And, if victims supply enough personal and financial information during the course of the scam, the criminals may also manage to steal their identities as well as their money.
Users should be very cautious of any email claiming that they have won a large prize in a lottery, promotion or award that they have never even entered. If you receive such a message, do not reply. And do not click any links or open any attachments that it contains. The best way to deal with these scam messages is simply to hit the delete button.
4: Facebook Like-Farming and Survey Scams
Facebook hosts a great many bogus competition pages. These bogus Pages promise amazing prizes such as store vouchers, holidays, luxury vehicles, ocean cruises, free air travel, and even houses in exchange for liking, sharing, commenting, and filling in surveys. And, despite many warnings about such scams, very large numbers of Facebook users continue to fall for them.
Of course, there are plenty of genuine competitions promoted on Facebook. But, unlike the scams, posts promoting these genuine competitions will have clearly defined terms and conditions. And, if the prize is being offered by a major company, the associated Facebook Page will usually include Facebook’s blue “verified” icon beside its name. Moreover, the prizes offered will be more realistic. For example, if a Page claims that you can win a very expensive prize such as a Range Rover or air tickets to anywhere in the world just for liking and sharing, then it is likely to be bogus.
The fake Facebook Pages are often newly created and have very little content. To create the illusion they are genuine, the scammers will often use Page names very similar to that of the targetted company. For example, if they are targeting Disney, they may call their fake Page “Walt Disney World.” – note the period in the name – rather than “Walt Disney World”. Many users may not notice the misplaced period at the end of the Page name and thus assume that they are on a genuine Disney Page.
There are basically two versions of these prize scams that often work hand in glove.
Like-farming scams simply ask you to like, share, and comment for a chance to win the promised prize. As the name suggests, these scams are designed to collect or “farm” large numbers of Facebook Page likes as quickly as possible. By participating, you are ensuring that the bogus prize post will be seen by an ever-widening audience and the fraudulent Facebook Page will thus gain a great many new likes. After the Page has substantially increased its like numbers, it will often be used to launch survey scams as discussed below. Because of the initial like-farming campaign, the subsequent survey scam posts have the potential to reach a much larger audience and can thus generate a lot more money for the scammers.
Alternatively, the fake Facebook Page may be sold on the black market to other scammers who will re-purpose it to suit their own nefarious goals. The more likes a Page has, the more it can likely be sold for.
This Hoax-Slayer YouTube video explains more about how like-farming scams operate:
As noted, Facebook survey scams often follow on from initial like-farming scams. Other versions may bypass the like-farming phase and jump right into the survey tactic.
Again, the fraudulent posts will offer fabulous prizes in exchange for liking, sharing, and commenting. But, this time the posts will also instruct you to click a link to enter a prize draw or claim your giveaway.
If you click the link, you will be told that, before claiming your giveaway or prize entry, you must first fill in one or more surveys. A window will present you with a list of survey links to click on. The links open various websites that offer the chance to win further prizes in exchange for filling in surveys and providing your name, email address, home address, and phone numbers. But, fine print on the sites will explain that, by participating, you are giving permission for your personal information to be shared with “site sponsors” and third-party marketing companies. Thus, soon after participating, you will begin receiving unwanted and annoying phone calls, text messages, emails, and surface letters promoting a variety of products and services you most likely neither want nor need.
In other cases, the scam survey sites may try to trick you into subscribing to very expensive SMS “clubs” that will charge you several dollars for each and every inane and pointless text message they send you.
Meanwhile, the scammers who created the bogus Facebook giveaway Pages will earn commissions each time somebody provides his or her information on one of the survey sites.
And, of course, no matter how many surveys you complete or how much information you provide, you will never get the promised giveaway or prize entry, which never existed in the first place.
This Hoax-Slayer YouTube video covers what happens during a typical survey scam:
Of course, criminals use many different tactics to separate Facebook users from their money and personal information. But the four scams discussed here are among the most common threats to Facebook users. If every Facebook user knew about these four scams and how to avoid them, Facebook would be a lot more safe and secure.