Don’t let yourself or someone you care about fall for a Facebook scam. Learn what to look for and stay safe.
Facebook Phishing
Phishing is the act of impersonating a service to convince a target to give up their login credentials. While Facebook phishing is ultimately no different from any other kind of phishing, it’s significant because some of the other scams on this list rely heavily on compromised accounts.
Most phishing takes place over email when a scammer sends a message asking the target to log in to their account, recover their password, or verify account details. When this link is clicked, the target is taken to a website that looks very much like Facebook but actually is hosted elsewhere. You can spot a scam like this by looking at your browser’s address bar. If it reads anything other than “facebook.com,” then you are being deceived.
Facebook also doesn’t often send out notices asking users to verify their accounts. Unless you haven’t logged in for years, your Facebook account should not require any action from you to maintain. Even if you suspect a notice to be legitimate, you should still visit Facebook.com directly rather than following a link in an email, just to be safe.
Because Facebook is a social network, your friends influence your behavior while using the service. If you see that a trusted friend or family member has liked a page, shared a post, or recommended a service to you on the platform, you’re much less likely to question it. Association with your friends becomes a tacit endorsement.
With the keys to your Facebook account, a scammer has access to your full list of friends. They can tell who you message and how often you do so, and even what you talk about. This information could be used to conduct highly targeted personal scams, or it could be used to cast a far larger net over your entire friends list.
RELATED: What is Typosquatting and How Do Scammers Use it?
The Ticket Scalper Event Scam
Scammers have taken to using Facebook’s events system to deceive you into paying over the odds for event tickets. These vastly overpriced tickets may never exist in the first place, and if you are unlucky enough to fall for the scam, then you are unlikely to be able to recover your money.
The scammer first creates an event page for a show with limited tickets and high demand, often shows that have already sold out. Many such scammers will create legitimate-looking events “company” pages, which usually consist entirely of Facebook events for similar shows.
The event is then promoted on Facebook, which costs the scammers very little to do. Many users will click on “Interested” or “Going” as the post scrolls by in their newsfeeds, which further provides the event with a sense of legitimacy. Unfortunately, the link to tickets for the events does not point to an official ticket outlet.
Instead, scammers will insert links to ticket resale websites. These already exist in morally and legally gray areas. Such sites are commonly used by scalpers who buy tickets en-masse to flip for two, three, or four times the price. The more sought-after the tickets, the more profit there is to be made. Many of these resellers do not have tickets to sell in the first place.
If you’re lucky enough to receive your ticket, you’ll be paying vastly inflated prices for it. If your ticket never arrives, most reseller websites point to the terms and conditions which state that they are not responsible for any sellers that do not deliver. Depending on your local laws, you might not have a lot of consumer protection. Even if you do, not everyone has the resources to fight a legal battle.
To avoid this scam, always buy from legitimate ticket outlets. Don’t blindly trust or click “Interested” on events that appear in your news feed. If you want to buy tickets, leave Facebook, and search for the show or artist, you would like to see and follow official links instead.
The Unexpected Prize or Lottery Scam
Most of us wouldn’t fall for a letter in the mail that tells us we’ve won a lottery that we have no recollection of entering. Most of us wouldn’t fall for an email or random message on Facebook, notifying us of this either. But what if you received this exact message and a message from a friend telling you that they’ve already cashed in their winnings?
This is the advance-fee scam, also known as the “Nigerian prince ” or 419 scam (as they violate section 419 of the Nigerian criminal code, which deals with fraud), with a twist. Compromised accounts are the perfect breeding ground for this sort of scam. The endorsement of a friend whom you trust can be enough to tip you over the line. These friends will often comment that they saw your name on the “list of winners,” which you should always treat as a red flag.
— Mr Benn (@therealmrbenn) November 30, 2019
Ultimately the scam takes the same turn as every other 419 scam out there. You’ll be told that a “processing” or “administration” fee must be paid to send the money to your account. Sometimes scammers will try multiple times to get you to pay “fines” or “transaction fees” related to the balance. Suspiciously, these fees can never be subtracted from your winnings.
By the time the penny drops, you could have put hundreds or thousands of dollars into the scam. The lure of $150,000 could persuade many of us to spend $1500 without a second thought. You should always question anyone who wants you to spend money to receive a prize.
Fake Gift Cards and Coupons
You’ve probably seen these gift card or discount coupon scams advertised around the web but never thought to click on them. But that’s not the case when they are shared by a friend, a tactic that many scammers rely on to recruit more victims.
A friend shares a free gift card or a significant discount code to a big retailer on Facebook. Curious, you click on it and are asked to fill out a form so that you can receive your code. At the end of the process, you’re told to share the post, at which point you will receive what was promised to you. The problem is, your gift card or discount never arrives.
— 13WHAM (@13WHAM) July 12, 2019
You might not think anything more of this, but you’ve already been scammed. Personal information, particularly names linked to addresses, a date of birth, and a valid email address all have value online. Your details may be sold to spammers who will use it for marketing purposes. You’ll probably get a lot more cold calls and unsolicited emails.
Sometimes scammers will try the scam in reverse by sending fake gift cards to a physical address. When you “activate” the gift card by visiting the link on the back, your information is taken to be sold elsewhere, and your gift card never works.
Be immediately suspicious of any competition or offer that asks you to share the post as part of the claim or entry. Facebook and Twitter cracked down on this behavior years ago, and it’s no longer tolerated as a valid means of entering competitions or claiming discounts or store credit.
Bad Sellers on the Facebook Marketplace
Facebook Marketplace and the huge number of Buy/Sell/Swap groups on the platform are a useful way to flip old items or buy second-hand goods in your local area. There’s also a huge potential for things to go wrong through scammers and rogue actors.
You should never buy an item on Facebook Marketplace that you cannot inspect or pick up yourself in person. Facebook Marketplace is not eBay and has no buyer protection in place to safeguard you against sellers who won’t send the items you have bought. Furthermore, sellers often use personal payment features reserver for friends and family on services like PayPal, where there is no ability to reverse the payment.
You can also open yourself up to other problems, like meeting a seller in private to conduct a cash transaction and being robbed. If you are meeting someone in person from Facebook Marketplace, do so in a sensible, well-lit, and public location. Take someone with you who you trust, and if whatever you are buying sounds too good to be true, then trust your gut instinct and don’t show up.
Facebook Marketplace is used to quickly sell-on stolen goods, particularly gadgets like tablets and bicycles. If you buy stolen goods and they are traced back to you, you will, at the very least, lose whatever you purchased and will likely lose all of the money you paid for said item. If the authorities suspect you knew the goods were stolen, you may be charged with handling stolen goods too.
Romance Scams
Romance scams are elaborate, but they have deceived many. Much of the time, the scammer will use a relationship to extract money and other goods from the victim. These scams can have disastrous consequences way beyond financial loss if they go too far.
Always be wary of anyone you meet online since it’s so difficult to prove that they are who they say they are. Even phone calls and webcam conversations can appear legitimate while being ultimately deceptive. Unfortunately, many who are lured by this scam are unable or unwilling to see that they are being used.
The main red flag to look for is a romantic interest who you have met on Facebook (or elsewhere online) asking for money. Their reasons may seem convincing, and they may tug on heartstrings in a bid to persuade you that they have a legitimate need. They might say that they’re short on rent, that their pet needs an operation, or that their car needs urgent repairs.
Play Video
This scam can take a very dark turn when the scammer wants more than just money. The recent case of Sydney woman Maria Exposto demonstrates just how badly things can go wrong. Maria was found with over 1 kilogram of methamphetamine in a backpack in Kuala Lumpur airport while traveling back from a trip where she was supposed to meet a US military soldier who identified himself as “Captain Daniel Smith.”
Her supposed love interest never arrived, and instead, she was befriended by a stranger (the scammer) who convinced her to carry the backpack back to Australia. Maria was convicted by a Malaysian court of drug trafficking and sentenced to death in May 2018. It took five years in jail and 18 months on death row before her conviction was overturned and she was released.
This is an unusual turn for a romance scam, but it’s not the first time it’s happened. In April 2011, New Zealand woman Sharon Armstrong was found trafficking cocaine out of Argentina because she too had fallen for a romance scam.
Clickbait Used to Spread Malware
This is the same technique used all over the web by deceptive advertisers to drive clicks. You’ll see an advert for a “shocking video” or an “amazing transformation” or another similarly scandalous title. When you click on it, you’ll usually be taken through a few redirects before landing on a website that tries to install malware on your computer.
On Facebook, these links often appear at timely intervals, like when the social media network is discussing the rollout of new features. Some of these scams offer to add features to your account, like the fabled “dislike” button or a means to see who has viewed your profile. If in doubt, a quick internet search should reveal any legitimate changes, and you can ignore the clickbait.
While Facebook can remove links or add disclaimers next to misleading and fake stories, the use of URL shortening websites and redirect links are used heavily to evade detection. For your safety (and to deprive the scammers of clicks), you should avoid spammy content like this altogether.
The Golden Rule
Many (but not all) scams can be avoided if you follow one simple rule: if it looks too good to be true, it probably is. For the rest, you’ll just need to be vigilant, and always question the motives of the person who is engaging with you, whether it’s a Facebook event, a sponsored post, or an unsolicited message.
As Facebook continues to grow and have a more significant impact on how we live our lives, these scams (and many new ones) are bound to occur more frequently. Social media isn’t the only service affected by such problems, and scams are rife on crowdfunding websites and many other online services.