Imagine helping a friend out, only to later realize that you've unknowingly exposed yourself to a scam, resulting in a significant financial loss. To make things worse, this "friend" is actually a hacker who has taken over your actual friend's Facebook account. This might sound far-fetched, but this scam is extremely sophisticated and capable of fooling just about anyone. This well-crafted scheme involves cybercriminals employing Facebook Messenger to deceive individuals into sending money through PayPal. Still following? Don’t worry, we’ll explain!
62% of Facebook Users Encounter Scams EVERY Week
In this blog, we'll take a closer look at the mechanics of “Facebook-PayPal scams”, offer tips on how to avoid them, and highlight how having security software like Guardio can provide essential protection for you and your loved ones. Let’s jump in!
Since their inception in the early 2000s, both Facebook and PayPal have unexpectedly become the breeding ground for sneaky cybercriminals. Due to their massive user base, communication ease, and data sharing, they both offer the perfect environment for cybercrime. While PayPal has long been a favored target for phishing scams, a newer and far more sophisticated scheme has emerged, one that uses social engineering and cleverly exploits the unique dynamics of Facebook. This new type of scam takes the trust we put in both platforms and uses it in order to craft a scam that can catch the most tech-savvy people off guard - leaving them utterly blindsided.
Hold on to your seats, as there are multiple steps to this scam, with a number of victims along the way. We’ve even created a fancy diagram to illustrate it (see below).
This is how it works:
You get a message from a friend on Facebook Messenger.
- Victim #1 - A friend's Facebook account has been hacked.
The friend (or rather, a hacker who has hijacked your friend’s account) claims that they sold some stuff and were getting paid via PayPal, but they have a limit on their account. What a sad story, huh? If only they had a friend that has a PayPal account and can receive the money for them… wait, that’s you!
They ask you to receive money in your PayPal account, withdraw it, and then send it back via bank transfer. Sounds legit, right? After all, this is a good friend of yours. You message each other often - which is how the hacker knows how to find you. Of course, you'll help your good friend. Why wouldn’t you?
You check your PayPal account, and you see that you’ve received the payment.
- Victim #2 - The money that was sent to you is actually stolen and is coming from a hacked PayPal account.
Because you’re an awesome friend, you bank transfer the money to your Facebook “friend” right away.
- Victim #3 - That’s you! The money that was transferred to you (via PayPal) will eventually be charged back to the original PayPal owner's account, leaving you without that money and the money you sent the scammer.
Now, the scammer has the money in their bank account and disappears into the sunset with your cash in their pocket.
What’s even worse is that when the original PayPal account holder (victim #2) finds out that they’ve been hacked, they’ll contact PayPal and get the funds back. But because you sent the money via bank transfer, there’s no way to get your money back.
We’ve written about Facebook hijacking before, but since this scam begins with a hijacked account, it’s definitely worth a quick refresher.
Facebook hijacking is when a hacker gains access to someone's Facebook account. There are a number of dubious ways they can do that, like phishing and malicious attacks, or they can even buy stolen credentials for as low as $14 on the dark web. Once they gain access to the account, they can basically lock the original account holder out, change passwords, steal their credentials or money, and, in our case - target their Facebook friends.
Rosie Pritchard was one of the unfortunate souls who fell victim to this horrific scam. It all started when she innocently received a Facebook message from a family friend, who asked her for a favor: "I sold some things online, and my PayPal account is currently limited. Can you receive a payment, withdraw it, and then bank transfer it to me?"
Rosie agreed to help. I mean, what harm can it do to simply help a family friend with what seemed like a technical issue? Little did she know that her kind-heartedness would lead her to a financial disaster. When $450 appeared in her PayPal account from a person named Nigel Stokes (victim #2, the hacked account), Rosie acted as a good friend and followed through with the transfer, unknowingly falling into a trap set by scammers who had compromised her friend's Facebook page and Nigel Stokes' PayPal account.
While Nigel was also a victim of this scam because his account was hacked, he complained to PayPal, who refunded his money. Rosie, a single mom already grappling with life's financial challenges, wasn’t as lucky. PayPal deducted $450 from her account, claiming that Rosie willingly used the funds, leaving her with the added burden of dealing with financial distress.
To effectively safeguard yourself against Facebook-PayPal scams and bolster your online security, follow these tips:
Unique Passwords: Always use distinct passwords for your various logins, especially on major platforms like Facebook and PayPal. This will help keep your accounts secure and reduce your risk significantly. Think about it, if you use the same password for all of your accounts, one compromised password can jeopardize multiple accounts.
Stay Skeptical: If you ever receive a request for a money transfer via messages from platforms like Facebook, WhatsApp, Instagram, email, or text, verify the request's legitimacy. Contact the sender directly through a different medium (call them, text them, knock on their door) to confirm the transaction. Scammers can use compromised accounts to trick you into believing they’re something they’re not.
If Rosie had stopped for one second and just called the friend who was apparently asking for help, all of this would have been avoided. But then - why would Rosie even think she had to call? That's just it. A true friend won't mind you double-checking and protecting yourself.
Browser Protection: Install browser protection tools like Guardio, which provide real-time alerts if you ever encounter phishing attempts, suspicious websites, malicious downloads, or if your data is ever leaked. These steps can prevent data compromise and the sale of your information on the dark web.
Check URLs and Emails: Scrutinize URLs and email addresses closely to identify potential phishing attempts. Be cautious when clicking links or responding to suspicious emails, as scammers often use fake domains and email accounts.
Enable Multi-Factor Authentication (MFA): Activate MFA for your Facebook and PayPal accounts. This extra layer of security helps deter unauthorized access to your accounts.
Contact PayPal: If you suspect any sketchy activity involving PayPal, contact PayPal's security center immediately to report the issue and find out the appropriate steps to take.
The Facebook-PayPal scam serves as a stark reminder that anyone nice enough to help a friend can fall victim to deceptive tactics. This sophisticated scheme preys on trust and familiarity, making it crucial to exercise caution. By using unique passwords, enabling multi-factor authentication, and staying on guard(io) when receiving unexpected requests for money, you can protect yourself. Tools like Guardio provide an extra layer of security by actively scanning for threats and warning you about suspicious websites and downloads. Stay informed, stay cautious, and most importantly, stay safe.