Steve Weisman is a lawyer, college professor, author and one of the country’s leading experts in cybersecurity, identity theft and scams.
With more than a billion users around the world, Facebook is extremely popular with the public, and anything popular with the public is going to be a magnet for scam artists. Facebook is a platform for a multitude of scams, but with a little knowledge, you can avoid being a victim.
Popular Facebook Scams
Free Airline Tickets
In the past few weeks, posts that appear to be from either Delta or Southwest Airlines offer free plane tickets as a way of celebrating the 88th birthdays of each of these airlines. Here is a copy of one of the posts.
In both of these phony posts, you are required to like and share the post as well as complete a survey in order to receive your “free” tickets. Unfortunately, there are no free tickets, and if you complete the survey, you are turning over information to a scammer who can use it to make you a victim of identity theft. Neither Delta nor Southwest offers free tickets in return for answering survey questions.
The crux of this scam is that by getting people to share and like the post, the scammers take advantage of Facebook’s algorithms, which value the popularity of posts as measured by the number of likes and shares they receive. Scammers are then able to change the content of what is being shared or liked to something entirely different through a technique called farming. This is often done in order to send advertising or gather marketing information, but it is also done by scammers to send malware-infected content that can steal personal information from your computer or phone and use it to make you a victim of identity theft. Ransomware can also be transmitted in this fashion.
Whenever you see an offer like this that is just too good to be true, your best bet is to contact the company directly to inquire whether or not the offer is indeed legitimate.
By the way, Delta and Southwest began doing business in 1924 and 1967, respectively, so neither is celebrating its 88th birthday.
Facebook Cloning
Quite often I receive “friend” requests from people who are already Facebook friends of mine. This is an indication that someone has set up a new Facebook account in their name and is attempting to lure their friends into becoming friends with the scammer. This scam is referred to as either Facebook cloning or Facebook spoofing. The goal of the scammer is to get people to respond to the new friend request and then to lure these friends into trusting communications and posts from the cloned page for a myriad of criminal purposes. Scammers will entice their victims to click on links and download malware, provide information that can be used for purposes of identity theft, or respond to emergency requests to send money.
Fortunately, there are several things you can do to protect yourself from this type of scam. Don’t accept a second request from a Facebook friend. Also, when accepting friend requests, don’t do it from the friend request email. Instead, go directly through your browser to your Facebook page. The link in the email could be a phishing scam seeking to steal your password or other information.
If your Facebook account has been cloned, Facebook has tips about what to do and how to report the problem.
Games and Surveys
You’ve probably recently seen posts from friends on Facebook that say, “10 Concerts, but there is one act that I haven’t seen live. Which is it?” While this particular post may be nothing more than an entertaining, harmless diversion, games or surveys such as this are used by scammers to create spear phishing emails used to make you a victim of identity theft. Your response may provide information about your approximate age and preference in music, which then can be used to craft a spear phishing email tailored to appeal to your particular interests.
Tips for Avoiding Scams on Facebook
1. Don’t Share Personal Information
One of the problems of social media in general is that we share too much personal information, which can then be exploited by scammers and identity thieves. For instance, scammers might see family photos identifying your grandmother and that you refer to her as Nana. When you are away on vacation (which you also posted on social media), a scammer calls “Nana” posing as you and asking her to send money for an emergency.
2. Manage Your Privacy Settings
In regard to games and surveys, such as the 10 concert game, if you are going to play, you should adjust your privacy settings so that only friends, and not the general public, can see your answers.
3. Pare Down Your Friends List
Only accept friend requests from people you actually know.
4. Always Be Suspicious
Remember my motto, “Trust me, you can’t trust anyone.” Never click on links in any communications until you have confirmed that the message is legitimate. The risk of downloading malware from a tainted link is just too great.