4 Common Facebook Scams and How to Avoid Them

Email used to be the delivery method for scams and malware. The good news is, many people are aware of the scams and digital dangers in the email arena. The bad news is many digital miscreants have recycled and updated their digital scams when they followed the masses to Facebook. Below, I’ve compiled some digital dangers commonly employed against us.

Common Facebook Scams

Fake Links/Click Jacking – Fake news, free giveaways, etc. can be delivery methods for malware. Just like email scams of the past, these leverage stories, news or offers that catch your attention. The point is to have you click on a link or share something that propagates malware. Examples include:

• Direct Messages with links or attempts to get you to look at something.
• Links resulting in another login request for Facebook/Email Provider – this is to harvest your account.
• Surveys – Some surveys on Facebook are created to harvest information about users for identity theft/account hijacking/spear phishing (crafted attacks).

Fake Accounts – Fake Facebook accounts can fall into many different types of scams. Examples include:

• Account Cloning – I’ve seen this approach grow in frequency in the last year. Indications of a cloned account are a second Facebook Friend Request – if you’re already connected on Facebook, you should not receive a second Facebook Friend Request. The old email trick – “I’m in jail in a foreign country, can you send money?” has migrated to Facebook with a different twist.
• Friend of Friend/Relative – Some fake accounts are created and operated to entice you to trust them. Within a short period of time, they promise money or ask for it. Many scams revolve around large sums of money if you provide a fee or personal data.
• Romance – Another common scam are requests to “be friends” or “…get to know you”. I’ve seen many people fall for these accounts. They can be grouped into two primary categories:
  • For the Lulz – Some people create and operate fake accounts for their own personal needs or dysfunctions. They may not ask for money and simply crave attention. I’ve seen men pretend to be women and women pretend to be men in the digital world.
  • For the Money – These scammers are versed in spending time to build up a dependency.  They may send you small amounts of money to build up their credibility. Eventually, it leads to needing money from you. Once this starts, they go for everything they can get.  Many of these scammers know how to pull your heart strings to get what they want.

Your Employer – Sometimes it’s not about exploiting you, but who you work for. Cisco’s 2016 Annual Security Report listed malware delivered via Facebook scams as a top delivery method to compromise organizational networks. Great cybersecurity measures are easily compromised by enticing someone to click a link at work. Some employers block Facebook for these specific reasons.

Protecting Yourself – There are some key steps to protect yourself:

• Setup Security – Many people think their accounts are secure and details hidden. Many people lockdown their posts, but leave photographs, check-ins, etc. open. These are all great data sources for scammers to use against you. Lock everything down and test the setup. Open only the functions that you need to.  (If you have security minded friends or family, ask them for help. Sometimes a second set of eyes spot missed settings.)
• Real World Suspicion – If you wouldn’t do it in the physical world, don’t do it in the digital world. If you met someone on the street who said they lived in your neighborhood 20 years ago and ten minutes later asks for your Social Security Number to give you $2000, you’d be suspicious. You should use the same scrutiny and judgement, and more so, in the digital world. Just because someone says something is true, does not mean it is. It just means they said it. “Never assume anything is true until you verify it yourself.” If it sounds too good to be true, 99% of the time, it is not true.  Be cautious.