Six Common Facebook Scams in 2019 (and Other Social Media Scams)
July 15, 2019
By Tim Russell
Technology Services Manager
Facebook, Twitter and other forms of social media have made it easier for all of us to connect and share information. Unfortunately, cyber criminals also use these platforms as weapons to prey on others and manipulate digital communication for their own gain.
To date, individuals and businesses have lost more than $100 billion due to social media scams. In 2018, the Better Business Bureau reported 48,369 scams, up from 45,811 scams in 2017.
No one — not even the savviest Internet user — is completely immune to sophisticated social media fraud. But it helps to be aware of the most common social media scams facing us today:
- Celebrity & Company Impersonators
- Profile Hijacking
- Catfishing & Romance Scams
- Gossip Clickbait
- Fake Quizzes
- Easy Money Scams
In this article, we'll break down the telltale warning signs of these social media scams — along with ways for you to avoid them.
Although many fake celebrity Facebook profiles are created in good fun (e.g. the fake Warren Buffett profile that surfaced last year), cyber attackers also frequently pose as someone famous. In these social media scams, hackers leverage the credible or noteworthy name to get victims to click on a malicious link out of curiosity.
And since celebrity photos and information are readily available across the web, it's fairly easy for a criminal to cook up a fake Facebook profile in a matter of minutes.
FAKE CELEBRITY PROFILE EXAMPLE
Perhaps a more dangerous form of impersonation occurs when impostors pretend to be a real company on social media and respond to consumer complaints. Be warned that social media scammers do this in an attempt to harvest your private account details.
For example, recently a customer was upset with her broadband service, so she complained on Twitter. She promptly received a response from an account appearing to be the customer service team for this company. She gave her personal and banking information to this fake “customer service team,” and soon found her bank account emptied and several loans taken out in her name.
EXAMPLE OF A COMPANY IMPERSONATOR SCAM
How to Detect (and Avoid) a Social Media Impersonator
- Look for a “verified” badge. If a profile portrays someone famous, look for a “verified” blue checkmark next to the owner's name (see the example above).
- Check the profile's details. If the profile was recently created, has little activity, a minimal following or zero contacts in common with you, be suspicious.
- Perform your own search. If you're looking to follow a company or someone famous, do a Google or Web search to find their real social media profile for yourself.
- Never share account information on social media. Legitimate companies should never contact you on social media and ask for your account information.
- If someone calls in response to your social media complaint, be wary of sharing information. If in doubt, hang up the phone, wait five minutes and call the company's direct customer service line to verify.
If you have a Facebook account, there’s a good chance you have encountered profile hijacking, Facebook friend request scams, and fake Facebook profiles. A profile hijack is a type of identity theft where the criminal poses as a friend or family member on social media in order to earn your trust and eventually trick you into sending money or clicking on a malicious link. This can happen on any social media site, but it commonly happens on Facebook. There are two main types of profile hijacking that can occur.
- Cloned Account: A criminal creates a fake Facebook account impersonating someone you know.
- Hacked Account: A criminal hacks into a person’s real account, changes their password and uses their network to scam unsuspecting friends and family.
EXAMPLE OF COMMON PROFILE HIJACKING:
Ways to Detect (and Avoid) a Hijacked Profile
- Keep your own profile information private. Make use of your privacy settings to avoid being hijacked, use a strong password and don’t share your password with anyone.
- Verify Facebook friend requests. Before you accept a friend request, check for mutual friends and signs of their long-term social profile usage (number of friends, posts, photos, etc.). You could even go so far as to call or text a mutual friend to verify the connection. If you receive a friend request from someone you are already friends with, it is almost definitely a fake Facebook profile. Keep this in mind so you don’t fall victim to Facebook friend request scams.
- Be wary of changes in tone and money requests. If a friend doesn't sound the way they usually do when you chat in person or if they are directly asking you for money or financial assistance, be suspicious. If you are suspicious, try contacting the person through another channel to verify their request. Send a text or give them a call. They may not realize someone has hijacked their account or is impersonating them on a fake Facebook profile.
Thanks to popular dating sites and apps, it's estimated that nearly 1 in 5 relationships now begin online (Psychology Today). However, criminals are also using the backdrop of online dating as an opportunity to con victims into giving away money — or worse. These types of scams are often referred to as “catfishing” (after the 2010 film “Catfish,” which chronicled the story of a young man who fell in love with a fake Facebook profile). These catfishing scams bear resemblance to Facebook friend request scams, but they typically last longer and involve more deception and manipulation.
Catfishers are extremely adept at gaining the victim's trust, sometimes putting in weeks or months of messages and conversations before ever asking for money. When they do finally make the ask, they'll say it's for something like a plane ticket to finally meet in person or help for a sick or injured relative. Once they receive the money, they usually disappear.
In worst-case scenarios, predators have used social media in an attempt to lure victims into human trafficking.
EXAMPLE OF A ROMANCE SCAM
How to Detect (and Avoid) a Romance Scammer
If you meet someone online through a dating site or social media app, watch out for these warning signs:
- Sounding too good to be true. If they’re too attractive or rich, have a glamorous job, or otherwise seem too good to be true, they're usually not real.
- Professing love quickly, without actually meeting you. A scammer will often express strong emotions, potentially even love, before meeting you. If someone is in a rush to move the relationship along, it’s wise to be suspicious about their motives.
- Attempting to lure you off the dating site. Scammers prefer if you leave the dating site and start using personal email or instant messaging to continue communication. This makes it easier to access your personal information — starting with your primary email address.
- Giving excuses not to meet you in person and avoiding video chat. If a scammer plans to visit but always cancels at the last second, stop interacting with them immediately. This is one of the biggest red flags that the person is not who they say they are. If you do meet in person, arrange to meet in a public place and make sure a friend or family member knows where you are.
- Asking for money or things from you. Be suspicious of anyone who asks you for financial assistance, no matter how dire they claim their circumstances are. Common storylines include sick relatives, short-term loans for plane tickets, startup money for a business venture, or a service member overseas who needs money.
If you're concerned that you or a loved one is being scammed, contact authorities right away. You can also read our in-depth article on how to deal with suspected online dating scams.
“Clickbait” headlines and messages feed on a person's curiosity through misleading or sensationalized text. Some clickbait is harmless and may be an attempt to ratchet up web traffic. However, other clickbait can lead to hidden dangers like malware or viruses that put your private data in jeopardy.
One piece of prominent chain clickbait spam is a form of the fake Facebook profile and profile hijacking scams mentioned above. This scam involves a message from someone you know claiming to have proof or a photo that you did something scandalous. If you click on the link, a malicious bot sends the same message to all your friends, and the chain keeps going. In the meantime, the link may also have included malware that has compromised your information.
EXAMPLE OF CLICKBAIT SPAM
How to Detect (and Avoid) Gossip Clickbait Spam and Scams
- No name? No click. If a general message with a link doesn't explicitly say your name, ignore it or delete it. If it comes from someone you know, it’s probably sent from a fake Facebook profile.
- Contact your friend a different way. If you receive a suspicious message from a friend, verify through a text or phone call that they actually sent it.
- Don't click on unrecognizable links. Before clicking on a shortened URL on social media, use a link lengthening service such as CheckShortURL to verify the source.
What to do if You've Clicked on a Clickbait Message
- Immediately change the password associated with your social media account.
- Disconnect any apps that are connected to your social media account.
- Post a message on social media letting your friends know that you’ve been hacked. This will keep them from clicking on any malicious messages that may have been sent from your account.
- Take your computer or device to a security expert who can check your system and install the latest anti-virus software.
We've all seen those goofy personality or IQ quizzes on Facebook, and they might seem harmless at first glance: Find out your real IQ. Which Harry Potter house would you belong to? Or, my personal favorite, which Disney princess are you?
But ask yourself - is the answer really worth compromising your bank account information? These quizzes aren't about testing your personality at all - they are disguised clickbait and phishing methods. Take one sinister quiz and you could unknowingly be giving up personal details like answers to the standard security questions used to lock down your financial accounts (first car, birth hometown, etc.). At the very least, you could be playing into the hands of a big data company like Cambridge Analytica, which used online quizzes to harvest personal data from millions of social media profiles prior to the 2016 election.
Finally, security researchers at Symantec have warned against another type of sinister quiz, one that tricks users into exorbitant text message charges by requiring a mobile phone number to view the results.
FAKE SOCIAL MEDIA QUIZ EXAMPLE
Get-rich-quick ploys, pyramid schemes and job offer scams are nothing new, but social media has provided a fresh platform for con artists to squeeze money out of unsuspecting victims.
In hopes of striking easy money, thousands of Americans fall prey to scammers promising lottery winnings or a high-paying job, in return for a small “advance fee” to secure the prize or position that doesn't actually exist. Once you know how to spot job offer scams, you’ll be able to see them from a mile away.
EXAMPLE OF A JOB OFFER SCAM
How to Avoid Easy Money Scams and Job Offer Scams
- Never wire or send advance money. No legitimate lottery will require you to submit a down payment (beyond the cost to purchase the original ticket), and no legitimate employer will charge you for an interview or background check fee.
- Be wary of unsolicited job offers. Check and double check any organization that contacts you out of the blue. Find an official website, and contact their official HR department or representative to verify.
- Interview in person. Never accept a job unless you've conducted a face-to-face interview with an actual representative of the company. Many job offer scams will include an offer before the person interviews you. This is a red flag.
- Guard your résumé. Some scammers will mine your résumé or curriculum vitae for personal information they can exploit elsewhere across the web. Be careful what information you choose to share or post publicly.
What to do if You're a Victim of a Social Media Scam
If you think you have fallen for a social media scam, take the following steps:
- Immediately stop all contact with the scam artist. Block their phone number, social media profile and email address.
- Keep copies or screenshots of all communications.
- Report the matter to local law enforcement.
- Report the incident to the FBI's Internet Crime Complaint Center and to the Federal Trade Commission.
- Report the scam artist's profile to the social media website (use the following links to report scams to Facebook, Twitter, Instagram, Pinterest and YouTube).
- Change the passwords to all of your social media and online accounts.
- Keep a close eye on all of your financial account activity for suspicious transactions. Using online or mobile banking makes it easy to check your accounts, 24/7.
Final Thoughts: Protecting Yourself on Social Media
If something sounds too good to be true on social media, it usually is. So the most important thing to remember is to protect your online safety and think before you click! As cyber attackers become savvier, it's important for you to stay aware of the threats they pose.