Facebook Friends scam uses cloned pages to trap unwary users: Internet Scambusters #754
In the ever-changing world of social media scams, Facebook Friends are being targeted in the latest con trick.
But it's easy to hide your Friends list, as we explain in this week's issue.
We also have the lowdown on other currently active social media scams.
Let's get started...
Can You Trust Your Facebook Friends?
You get a message from someone you think you know who wants to become one of your Facebook Friends.
Should be okay, right? Maybe not.
Right now, one of the most common ruses on this site is the so-called Facebook clone scam.
In this trick, crooks target Facebook accounts with weak or no privacy settings.
They set up similar sites that mimic the original, stealing all the info and pictures, and then contact all the victim's friends with a fake friendship request, trying to fool them into accepting them again.
It's amazing that some users don't first check their list of Friends when they receive these requests and happily accept the clone as a genuine new friend, whom, they think, they already know.
The crooks then attempt various scams on your gullible Friends, such as inviting them to click links to malicious websites, requesting money, and even trying to trick them into an identity theft scam.
If you're a Facebook user, there are a couple of key steps you can take to avoid this scam.
First, always check requests against your current list of Friends.
Second, hide your list of Friends so no one else can see them or contact them, posing as you. In fact, this is good practice for every Facebook user.
It's a privacy setting not many people seem to know about, but it's easy to do. Here's how:
- Open your Facebook profile (usually by clicking your profile picture and name in the blue bar at the top of the page).
- When your profile page opens, click on the "Friends" tab.
- In the top, right-hand corner, you'll see an editing icon -- looks like a small pencil. Click this.
- Now you get an option to "Edit Privacy." Click this.
- Now you'll see a couple of options, the first of which is "Who can see your Friends list?"
- Click the options on the right for a choice ranging from "Public" to "Only me."
- There are other options here too but choosing "Only me" ensures no one else, not even your Friends, can see this list.
That way, no one can try to scam your Friends in your name -- unless they managed to hijack your account.
Paying for Messages?
Another common scam involves fake messages claiming that one or other of the social media sites is going to start charging for membership.
These are usually harmless, just starting out from someone who's got nothing better to do than waste everyone's time by urging recipients to pass it on.
The latest version claims that people using Facebook's Messenger app, or the popular WhatsApp program, will have to start paying for each message they send out unless they start using the app more frequently. Crazy, huh?
On other occasions though, these types of messages are a prelude to another scam.
For example, the message might contain a link to a phony site that requests your sign-on details, which will enable the scammer to hijack your account, as mentioned above.
The fact is that no mainstream social media or messaging app charges members for their services unless they have to send an SMS text (as Skype does).
For competitive reasons, they're unlikely to start charging, so you can safely ignore these warnings.
Posting fake advertisements with links to malicious websites seems to be an everyday thing on many social media sites.
But the latest trick is a cleverly designed attempt to introduce the well known tech support scam.
Windows users who click on these malicious links are taken to a web page that looks like the famous "blue screen of death" (BSOD), which shows a whole stream or error data.
A genuine BSOD shows up when a computer system crashes but, in the case of this scam, it tells victims they've been infected with a virus and must call tech support.
You know the story from here: victims are either charged an outrageous sum to put things right or they become identity theft victims after giving the "tech support" people access to their PCs.
If you get one of these messages, shut down and restart your PC.
Two To Go
Time for a couple more before we go.
First, watch out for alerts via a messenger app appearing to come from a friend and telling you about a federal grant program that entitles you to up to $150,000.
All you have to do is provide your personal details. Don't!
Second, don't believe those tear-jerking posts about a sick child who will receive $5 from Facebook founder Mark Zuckerberg for every repost of a sad photo and typing the word "Amen" in the comments section.
We don't know Mr. Zuckerberg so we can't say how generous he is or is not. But we do know he's not doing this, and this particular post is just a "like farming" operation, which unscrupulous marketing companies use to gather lists of followers, which they then sell.
Alert of the Week
This week's sneaky phishing trick targets American Express payment card users via a message with the subject line "Unauthorized transaction - AmericanExpress."
It tells recipients their account has to be updated and has been temporarily suspended until they verify their billing information.
There's a helpful "UPDATE NOW" button that leads to a fake American Express Page.
Never click on links in this type of message. Go straight to the official site for your card issuer (in this case www.americanexpress.com) and check out things there.
Time to conclude for today -- have a great week!