Six Common Facebook Scams in 2019 (and Other Types of Social Media Fraud)
July 15, 2019
By Tim Russell
Technology Services Manager
Facebook, Twitter and other forms of social media have made it easier for all of us to connect and share information. Unfortunately, cyber criminals also use these platforms as a weapon to prey on others, exploiting the ease of digital communication for their own gain.
To date, individuals and businesses have lost more than $100 billion due to social media scams. The Better Business Bureau reported 48,369 scams in 2018 alone, up from 45,811 scams in 2017.
No one — not even the savviest Internet user — is completely immune to sophisticated social media fraud. But it helps to be aware of the most common social media threats facing us today:
- Celebrity & Company Impersonators
- Profile Hijacking
- Catfishing & Romance Scams
- Gossip Clickbait
- Fake Quizzes
- Easy Money Scams
In this article, we'll break down the telltale warning signs of each social media scam — along with ways for you to avoid them:
Although many fake celebrity profiles are created in good fun (e.g. the fake Warren Buffett profile that surfaced last year), cyber attackers also frequently pose as someone famous. Hackers are able to leverage the credible or noteworthy name to get victims to click on a malicious link out of curiosity.
And since celebrity photos and information are readily available across the web, it's fairly easy for a criminal to cook up a fake profile in a matter of minutes:
FAKE CELEBRITY PROFILE EXAMPLE
Perhaps a more dangerous form of impersonation occurs when impostors pretend to be a real company on social media and respond to consumer complaints, in an attempt to harvest account details.
For example, recently a customer was upset with her broadband service so she complained on Twitter. She promptly received a response from an account appearing to be the customer service team for this company. She gave her personal and banking information to this fake “customer service team,” and soon found her bank account emptied and several loans taken out in her name.
EXAMPLE OF A COMPANY IMPERSONATOR SCAM
How to Detect (and Avoid) a Social Media Impersonator:
- Look for a “verified” badge. If a profile portrays someone famous, look for a “verified” blue checkmark next to the owner's name (see the example above).
- Check the profile's details. If the profile was recently created, has little activity, a minimal following or zero contacts in common with you, be suspicious.
- Perform your own search. If you're looking to follow a company or someone famous, do a Google or Web search to find their real social media profile for yourself.
- Never share account information on social media. Legitimate companies should never contact you on social media and ask for your account information.
- If someone calls in response to your social media complaint, be wary of sharing information. If in doubt, hang up the phone, wait five minutes and call the company's direct customer service line to verify.
A profile hijack is a type of identity theft where the criminal poses as a friend or family member on social media, in order to earn your trust and eventually trick you into sending money or clicking on a malicious link. There are two main types of profile hijacking that can occur:
- Cloned Account: A criminal creates a fake account impersonating someone you know.
- Hacked Account: A criminal hacks into a person’s real account, changes their password and uses their network to scam unsuspecting friends and family.
EXAMPLE OF COMMON PROFILE HIJACKING:
Ways to Detect (and Avoid) a Hijacked Profile
- Keep your own profile information private. Make use of your privacy settings to avoid being hijacked yourself.
- Verify requests with common friends. Before you accept a friend request, check for other friends you have in common with the profile and signs of their long-term social profile usage (number of friends, posts, photos, etc.). You could even go so far as to call or text the friend to verify they're actually the one who sent the request.
- Be wary of changes in tone and money requests. If a friend doesn't sound the way they usually do when you chat in person, or if they are directly asking you for money or financial assistance, be suspicious.
Thanks to online match sites and popular dating apps, it's estimated that nearly 1 in 5 relationships now begin online (Psychology Today). However, criminals are also using the backdrop of online dating as an opportunity to con victims into giving away money — or worse. These types of scams are often referred to as “catfishing” (after the 2010 film “Catfish,” which chronicled the story of a young man who fell in love with a fake profile on Facebook).
Catfishers are extremely adept at gaining the victim's trust, sometimes putting in weeks or months of messages and conversations before ever asking for money. When they do finally make the ask, they'll say it's for something like a "plane ticket" to finally meet in person, or help for an ailing relative — only to back out at the last minute or never be heard from again.
In worst-case scenarios, predators have used social media in an attempt to lure victims into human trafficking.
EXAMPLE OF A ROMANCE SCAM
How to Detect (and Avoid) a Romance Scammer:
If you meet someone online through a dating site or social media app, watch out for these warning signs:
- Sounding too good to be true. They’re too good looking or rich, have a glamorous job, and so on. If someone sounds too good to be true, they're usually not real.
- Professing love quickly, without actually meeting you. Oftentimes, a scammer will express strong emotions (potentially even love) before meeting you. If someone is in a rush to move the relationship along, be suspicious.
- Attempting to lure you off the dating site. Scammers prefer if you leave the dating site and start using personal email or instant messaging to continue communication. This makes it easier to scour your personal information — starting with your primary email address.
- Giving excuses not to meet you in person, or video chat. If a scammer plans to visit but always cancels at the last second, stop interacting with them immediately. This is one of the biggest red flags that the person is not who they say they are. If you do meet in person, arrange to meet in a public place and make sure a friend or family member knows where you are.
- Asking for money or things from you. Be suspicious of anyone who asks you for financial assistance, no matter how dire they claim their circumstances are. Common storylines include sick relatives, short-term loans for plane tickets, startup money for a business venture, or a service member overseas who needs money.
If you're concerned that you or a loved one is being scammed, contact authorities right away. You can also read our in-depth article on how to deal with suspected online dating scams.
“Clickbait” headlines and messages feed on a human being's curiosity through misleading or sensationalized text. Some clickbait is harmless, and just an attempt to ratchet up web traffic; however, other clickbait can lead to hidden dangers like malware or viruses that put your private data in jeopardy.
One piece of prominent chain clickbait spam involves a message from someone you know, claiming to have proof or a photo that you did something scandalous. If you click on the link, a malicious bot sends the same message to all your friends, and the chain keeps going. In the meantime, the link may also have included malware that has compromised your information.
EXAMPLE OF CLICKBAIT SPAM
How to Detect (and Avoid) Clickbait Spam and Scams:
- No name? No click. If a general message with a link doesn't explicitly say your name, ignore it or delete it. Even if it comes from someone you know.
- Contact your friend a different way. If you receive a suspicious message from a friend, verify through a text or phone call that they actually sent it.
- Don't click on unrecognizable links. Before clicking on a shortened URL on social media, use a link lengthening service such as CheckShortURL to verify the source.
What to do if You've Clicked on a Clickbait Message:
- Immediately change the password associated with your social media account.
- Disconnect any apps that are connected to your social media account.
- Post a message on social media letting your friends know that you’ve been hacked. This will keep them from clicking on any malicious messages that may have been sent from your account.
- Take your computer or device to a security expert who can check your system and install the latest anti-virus software.
We've all seen those goofy personality or IQ quizzes on Facebook, and they might seem harmless at first glance: Find out your real IQ. Which Harry Potter house would you belong to? Or my personal favorite, which Disney princess are you?
But ask yourself, is the answer really worth your bank account? Often these quizzes aren't about testing your personality at all, but are disguised clickbait and phishing methods. Take one sinister quiz and you could unknowingly be giving up personal details — like answers to the standard security questions locking down your financial accounts (first car, birth hometown, etc.). At the very least, you could be playing into the hands of a big data company like Cambridge Analytica, which used online quizzes to harvest personal data from millions of social media profiles prior to the 2016 election.
Finally, security researchers at Symantec have warned against another type of sinister quiz, one that tricks users into exorbitant text message charges by requiring a mobile phone number to view the results.
FAKE SOCIAL MEDIA QUIZ EXAMPLE
Get-rich-quick and pyramid schemes are nothing new, but social media has provided a fresh platform for con artists to squeeze money out of unsuspecting victims.
In hopes of striking easy money, thousands of Americans fall prey to scammers promising lottery winnings or a high-paying job, in return for a small “advance fee” to secure the prize or position that doesn't actually exist.
EXAMPLE OF A JOB SCAM
How to Avoid Lottery and Employment Scams:
- Never wire or send advance money. No legitimate lottery will require you to submit a down payment (beyond the original ticket), and no legitimate employer will charge you for an interview or background check fee.
- Be wary of unsolicited offers. Check and double check any organization that contacts you out of the blue. Find an official website, and contact their official HR department or representative to verify.
- Interview in person. Never accept a job unless you've conducted a face-to-face interview with an actual representative of the company.
- Guard your resumé. Some scammers will mine your resumé or curriculum vitae for personal information they can exploit elsewhere across the Web. Be careful which information you choose to share or post publicly.
What to do if You're a Victim of a Social Media Scam:
If you think you have fallen for a social media scam, take the following steps:
- Immediately stop all contact with the scam artist. Block their phone number, social media profile and email address.
- Keep copies or screenshots of all communications.
- Report the matter to local law enforcement.
- Report the incident to the FBI's Internet Crime Complaint Center and to the Federal Trade Commission.
- Report the scam artist's profile to the social media website (use the following links to report scams to Facebook, Twitter, Instagram, Pinterest and YouTube).
- Change the passwords to all of your social media and online accounts.
- Keep a close eye on all of your financial account activity for suspicious transactions. Using online or mobile banking makes it easy to check your accounts, 24/7.
Final Thoughts: Protecting Yourself on Social Media
If something sounds too good to be true on social media, it usually is. So the most important thing to remember is to think before you click! As cyber attackers become savvier, it's important for you to stay aware of the threats they pose. Subscribe to our monthly newsletter to stay updated on the latest scams and ways to avoid them.