The many ways you can be scammed on Facebook, part II

In part 1 of this article series, we looked at data mining schemes, scam ad campaigns, concert tickets scams, and PayPal fund transfer scams. Today, we continue to list down the other scams you might encounter on Facebook.

Bitcoin trading scam

Who would have thought that a “simple” phishing scheme would be a front to a global Bitcoin trading scam?

Researchers from vpnMentor uncovered a scam operation with “many complex layers” not so long ago. According to their blog post, it starts off as an attempt to harvest Facebook credentials.

How do the fraudsters get users to hand over their credentials? They lure them in with the promise of revealing details on who has visited their profile.

vpnMentor visitor list 600x366 1
One of the many phishing pages designed to nudge Facebook users to give away their credentials. (Above and below screenshots courtesy of vpnMentor)
vpnMentor FB creds 600x381 1

After a Facebook user keys in their username and password, they are shown a purported number of people—32 of them—and a list of who has. viewed their profile. Or not, as some users report.

vpnMentor boo app 600x386 1
Complaints about this Facebook app “not working” (Courtesy of vpnMentor)

Fraudsters then use the stolen Facebook credentials to hijack victim accounts and spam comments to their network. The spam contains a link to another batch of scam websites, intending to point people to a Bitcoin scheme that is fraudulent.

Not all spammy post contain a link to the fake Bitcoin sites though. At times, users are deliberately directed to fake and even legitimate news sites, according to vpnMentor researchers. This is to confuse Facebook’s algorithm, thus preventing hijacked accounts from getting blocked. However, the fake sites eventually lead to fake Bitcoin sites, too.

Facebook users who arrive at this point are encouraged to sign up for a free Bitcoin trading account and deposit 250 Euros so they can start trading.

Facebook grant scams

COVID-19-related scams appear to be the scam du jour. And since Facebook began its grants program to small businesses heavily affected by the pandemic, scammers have angled their phishing campaigns to make it sound like Zuck is doling out money to all Facebook users affected by COVID-19.

Kaspersky has reported on one variant of this phishing scam, which started off with a fake CNBC report about Facebook giving grants to users hit by the pandemic and a link to where they can apply for one.

kaspersky fb grant 277x600 1
CNBC did cover the Facebook grants story, but this is not it. Also, fbgrantapplication[dot]ga—and probably other URLs–doesn’t really seem legit, does it? (Courtesy of Kaspersky)

Users who visit the URL are taken to a site that resembles the official site of Mercy Corps, an organization offering humanitarian aid, where they are asked for their Facebook username and password. The site also asks for more personally identifiable information (PII), such as physical address, SSN, and even an ID scan, to verify your Facebook account, which the fake site claims is needed to accept a grants application.

At this point, users have not only granted fraudsters access to their Facebook account, but also fed them enough information to enable them to pose as you and attempt to access your other accounts.

The Federal Trade Commission (FTC) has also reported not just on grant scams but also other pandemic-driven money offers, such as food support coupons and giveaways, purportedly being spread by accounts using big-name brands like Target, Walmart, Pepsi, and Whole Foods.

In addition, Facebook users may have received messages on Messenger and WhatsApp, in English or Spanish, from a friend, family member, or contact asking them to click a link where they can claim “free money”. This campaign, the FTC has noted, would lead users to a survey scam phishing page asking for personal information.

Like the PayPal fund transfer scam in part I, fraudsters pose as someone their victim knows in the hope they will let their guard down and freely talk in confidence. Letting the conversation take place in a private space benefits the bad guys because oblivious owners of hacked or mimicked accounts won’t be able to warn anyone about their hacked account or accounts impersonating them.

“Secret sister gift exchange” scam

This is probably one of the most common pyramid schemes seen on Facebook.

Malwarebytes reported on this holiday-specific scam a couple of years ago, but the Secret Sister scam has been going on and off Facebook since 2015. That said, it shouldn’t surprise anyone to see it rear its ugly head once more.

In this scam, a Facebook user tags some contacts in a post with a message along the lines of this: buy an item from a shop worth $10, send to someone, and expect a 6-to-36-fold return of items from others who participate in it.

malwarebytes secret sister scam1 600x430 1
This is what some samples of the “Secret Sister Gift Exchange” scam looks like this year. The screenshot below shows how one “rebrands” this scheme to “20/21 Winter Wishes”.
malwarebytes secret sister scam2 600x282 1

This may seem harmless, and one may feel this has merit considering what a terribly difficult year 2020 has been to a lot of us. After all, who doesn’t want to receive gifts from all your friends and family, or random strangers?

But while the act of exchanging gifts among school friends, family, or even colleagues is encouraged and very much allowed, gift chains like the secret sister gift exchange, on the other hand, is not. Participating in it is considered gambling and, thus, you’re actually breaking the US Postal Inspection Service’s gambling and pyramid scheme laws.

As we’ve also pointed out, taking part in the secret sister gift exchange—along with its other variants—could potentially result in data harvesting, especially if the prerequisite to participate is handing over your personal information along with the personal information of friends or family.

Like-farming

Like-farming is an oldie but goodie practice that both legitimate commercial parties and scammers do to raise the popularity of a post via likes and shares.

Liked and shared posts are generally benign. But they suddenly become dangerous when, after accumulating a target amount of likes and shares, scammers edit the original posts to include links to a malicious file download or a phishing website, or to promote spammy products. Facebook pages that have garnered a huge following can also be sold on the underground market, either to be used by other scammers for their campaigns or to harvest follower data that Facebook, by default, provides them.

In June, the Better Business Bureau (BBB) put out an article warning people about a Facebook post advertising a free RV and using the pandemic to lure people in. The post goes like this:

“With a lot of people out of work and Covid-19 keeping them out of work we know money is tighter more now than ever! So by 4 PM Monday someone who shares and also comments will be the new owner of this 2020 Jayco Greyhawk RV, paid off and ready to drive away, keys in hand – Jayco.”

This is reportedly the content of the Facebook post on the fake Jayco RV campaign that made the rounds in June.

The company the scammers were impersonating, Jayco, reported the page to Facebook.

How to stay safe on Facebook

  • Report dubious social media posts. It’s good that Facebook has a feature that enables their users to easily report posts they deem are suspicious, scammy, illegal, or downright harmful to other Facebook users’ wellbeing. You can find this feature by clicking in the upper-righthand corner of the Facebook post in question and picking either “Report post” or “Report photo”.
  • Never give out details about you and others. Don’t let you or any of your Facebook contacts become targets to scams or identity theft. Be wary of anyone or anything that asks for personal information.
  • Like and Share wisely. If a supposed giveaway sounds too good to be true, it probably is. So, hold off liking or sharing that post, and report it instead.
  • Always look for the blue checkmark on pages of popular brands and public personalities. Verifying their legitimacy is an amazingly simple yet often neglected practice. So if you want to like or share something that is legitimate and safe for your contacts to like and share, too, make sure that post is from a verified account.
  • Update your browser regularly. This doesn’t only keep new vulnerabilities at bay, it’s another layer of protection you can depend on.
  • Scrutinize URLs closely. Not every scammy campaign is sophisticated or difficult to spot. Start with the URL – if it’s obviously not for the website in question then step away.
  • Reach out to friends and family outside of Facebook or Instagram. If you’re not sure if a message is from the person it says it’s from, give them a call or send them a text message to check they really did send it.
  • Be wary of “free”. Yes, free things are nice—but it shouldn’t cost you anything, and that includes your personal details or a small amount of money that you must pay first. If you see a supposed government grant doing the rounds on Facebook, go to that agency’s official webpage to verify it or give them a call.
  • Change your login credentials immediately. No one is immune from being sucked into a fraud. If it does happen to you, contact your bank, report it, and consider credit monitoring, too. And if you used the same password on other sites, change them and remind yourself that reusing passwords is always a wrong move.

Facebook scams will always be around, so make sure you stay up to date, keep your eyes open, and lend a helping hand to your friends and family who use Facebook too. Remember that helping one contact stay safe on Facebook also helps you secure your account and others’, too.

Stay safe!

The post The many ways you can be scammed on Facebook, part II appeared first on Malwarebytes Labs.

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon

Original Source