We recently highlighted new steps Instagram is taking to try and clamp down on scammers sending fake messages on their platform. It turns out, other social media giants are walking a similar path for a variety of bogus ads and other attacks. Facebook scams in particular have taken off, despite the company’s efforts to stamp them out.
Facebook is now extending a rollout of their bogus ad reporting tool to Australia, after a variety of popular Australian celebrities kept appearing in fake ads. Regular readers may remember the genesis of this reporting tool being a similar incident in the UK involving popular consumer advice expert Martin Lewis.
Facebook’s ad reporting tool will allow Australian users to flag dodgy investment schemes or hard-to-cancel product trials—this alongside the corporation’s claims to have already shut down some 2.2 billion fake accounts worldwide.
While this is certainly welcome news for users of the social media platform, there’s still an awful lot of bad ads currently in circulation outside of these fake offers and adverts. Below, we’ll lead you through some of the more popular and current Facebook scams, such as efforts to hijack your social media account, swipe personal information, and of course, part you from your money.
Rogue ad campaigns
Scammers will happily compromise social media accounts, and then use them to purchase thousands of dollars of ad space before they can be shut down. In the examples given, one victim only had the ad campaign shut down because his credit card expired—else he feared he’d have been hit by $ 10,000 in credit card debt. Another had adverts running for about $ 1,550 per day until notified by PayPal. Ironically, one of the victims runs a business focused on privacy-themed adverts.
Some of the bogus ads listed certain items at a cheap price to make it look as though it had to be a pricing error of some sort. This is a common tactic going back many years, but the twist here is that the landing pages contained credit card skimmers so anyone paying up for a bargain had their payment details swiped instead.
Concert ticket fakeouts
Facebook is a popular place for some social event wheeling and dealing, especially in dedicated groups and fan pages. It turns out fake messages advertising non-existent tickets are also, sadly, quite popular.
Here’s how it works: Facebook scammers wait for an event coming up, the smaller the better to fly under the radar. At this point, they cut and paste the same bogus “I have free tickets but I can’t make it” message and wait for the replies to come flooding in. They’ll list the typical reasons why they can’t go: “I’m out of town”, “I’m undergoing surgery”, or“there’s a family emergency.”
If you spend enough time digging around, you’ll likely see the same cut and paste missive posted by multiple, supposedly independent accounts. One quick dubious money transfer later and you’ll be out of pocket with no tickets to show for it. Keeping track of event organiser pages when looking for tickets is a must to ensure you don’t fall for the same scam.
Clones, messenger grant scams, and lottery shenanigans
The old problem of “cloned” accounts rears its ugly head once more. Cloning happens when a scammer can’t gain control of a genuine social media account, so they do the next best thing—steal the photo, the bio, and any other pertinent information to replicate the real thing. From there, they try to social engineer their way into the victim’s bank balance.
The smartest part about these Facebook scams is the cloning and mapping out of potential contacts to try and trick. After that, tactics fall back to the more mundane. Scammers will message contacts with: “I’ve been in an accident and need help”or “I’m overseas and have lost my wallet” pleas for help. In this case, “A grant is available” is a commonplace and quite an old technique. The current keywords to set off alarm bells include gift cards, world bank, and grants. If you see any of those suddenly dropped into a conversation, it’s almost certainly going to be a scam.
If in doubt, check that the person talking to you is actually in your friends list—clones won’t be. Additionally, if it is genuinely your friend that doesn’t mean the danger is over. What it actually means is that they were probably compromised and don’t know about it. In both cases, find an alternate means to get in touch and verify the who, what, when, where, and why.
Lottery messenger scams work along similar lines. They claim you’ve won a prize, but once you’ve contacted a third party to claim your winnings, you’ll find you need to send them money for a variety of not quite plausible reasons. Often, the profiles telling you that you’ve won will imitate Mark Zuckerberg.
Don’t get fooled on Facebook
Looping back around to our initial fake Facebook ad problem, you can read a little more about how they operate under the hood over on BuzzFeed. We’ve covered many Facebook fakeouts down the years, our most recent being the wave of bogus Ellen profiles pushing movie streaming services.
The good news is that most, if not all, of these Facebook scams have been done before. If you’re not sure, a quick search will reveal prior examples covered on news sites, security blogs, or forum posts.
Always be cautious, remember the old “if it’s too good to be true, it probably is” routine, and keep yourself scam free on social media.
The post Facebook scams: Bad ads, bogus grants, and fake tickets lurk on social media giant appeared first on Malwarebytes Labs.