Facebook phishing schemes and how to avoid them
15 Dec 2021 | Chen Argote
Facebook and Messenger are no strangers to phishing scams. Since their early days, they’ve always been targeted by cybercriminals who have wasted no time luring and tricking unsuspecting victims into giving up their data or hard-earned money. Today, though, the problem seems worse than ever.
One of the most common and perhaps earliest known Messenger scams involves a message from a friend who appears to be in dire and immediate need of financial assistance. The plea for help is made to appear so urgent that victims do not have time to verify its authenticity until it’s too late.
These days, scams tend to involve what is known as phishing, a type of cybercrime wherein victims are contacted by someone posing as an acquaintance or legitimate institution. They are convinced to provide their personal data (e.g., bank details, accounts, passwords), which are then used to commit identity theft and lead to financial losses. While phishing usually relies on email, malicious email attachments, and links to fake websites to steal data, perpetrators have many other methods, such as social engineering or malware.
Facebook scams tend to be more varied than scams facilitated via email. In 2020, for instance, a massive phishing campaign allowed cybercriminals to take over and control more than 15,000 Facebook accounts based in the Philippines. The modus was a paid sponsored post: anyone who clicked on it was asked to log into a fake Facebook page, where their account credentials were stolen. In April this year, several Facebook users were tagged by friends in a post featuring a link to what appeared to be a sex video. Anyone who clicked on the link was again subjected to a phishing operation. Other schemes involved fake investors or companies offering potential business opportunities.
Since many still fall prey to these criminal activities, it is important that people be able to recognize them quickly and avoid becoming victims. These are among the common types of scammers they need to steer clear of:
- Romance scammers. Preying on people’s desire to be admired and loved, these “attractive” scammers will appear very interested in their target, while sharing their tragic love stories. Usually based abroad, they manipulate their identity and pose as someone trustworthy. It takes some time, but they always end up asking for money because of a personal financial crisis or in order to fund their travel so that they can finally meet their supposed “soulmate”.
- Lottery scammers. These criminals take advantage of people’s desire for free or easy money. While posing as legitimate organizations, they tell the target that they have won a contest they’re not even aware they’ve joined. The target is asked to pay a “fee” in order to claim the prize, or is prompted to provide personal data like one’s bank details.
- Loan/credit card scammers. These fraudsters will try to appear as legitimate lenders or banking institutions. They tell their target that he or she is eligible for a loan or credit card with very favorable interest rates. Meanwhile, the loanable amount is high, with minimal documentary requirements and application fees. It’s all a ruse, of course.
- ‘Concerned’ scammer. The “Hey, is this you?” scam has been around for years, but still finds its way to people’s messages. The scammer usually hacks into an account then targets the friends of the unsuspecting individual. He sends them a malicious or embarrassing video and asks them if they’re the one in it, performing some type of blackmail. If effective, the victim is forced to give up personal information and even cash.
- ‘Holiday’ greeter. Like the concerned scammer, this criminal usually operates via Messenger. He sends a message that says something along the lines of “I am send you a surprise message. Open this.” If the target does exactly that, he or she is directed to an unsecure website (i.e., “http” instead of “https”), where he or she will be asked to input personal data without knowing that a malicious computer script is already running in the background. The scammer usually gains access to the victim’s credentials and list of friends, and uses the latter to spread the scam to more people.
To deal with these individuals, one doesn’t necessarily have to resort to complicated measures. There are actually simple practices that can be just as useful and are quite effective:
- Never send money to a love interest or friend you have not met in person.
- When you are offered “free money”, pause and think. If it seems too good to be true, it’s usually because it’s false.
- Ignore messages or tagged posts containing suspicious or malicious links. Whatever you do, do not click on the links. It is best to delete them or not engage them at all.
- Regularly check if your account is compromised. On Facebook, look at the devices where you’re supposedly logged in. If you see a device you don’t recognize, log out from it.
- Secure your account. Add an extra layer of security to your account and use two-factor authentication.
- Explore Facebook’s privacy checkup and privacy shortcuts. In Facebook’s privacy checkup guide, you can review topics to help you decide how to best secure your account. With privacy shortcuts, you can also review some options like: (a) control who can see what you share with the platform; (b) manage and limit who can send you friend requests; (c) manage who can tag you on posts; or (d) determine if you want search engines outside of Facebook to link to your profile.
Some people still find these steps a lot to take in and too much of a hassle, especially those who come across them for the first time. But in the overall scheme of things, they are worth it. In today’s digital world, one must always take that extra precaution. It’s often the only thing standing between a minor inconvenience and real-world consequences.