Facebook phishing posts: What are they and how to stay safe?

October 3rd · 10 min read

Rotem Tal - Senior Cybersecurity Expert |Writer & Editor|

The rise of social media scams

Like it or not, you can’t ignore the fact that social media has become an integral part of our daily lives. While platforms like TikTok, Instagram, and Twitter boast their fair share of users, Facebook stands as the undisputed leader in terms of user base, with a whopping 2.8 billion monthly active users. However, this impressive figure not only crowns Facebook as the godfather of social media but also paints a massive bullseye on its back, attracting the attention of cybercriminals. Of all the various threats users face on Facebook, phishing posts are among the most dangerous.

95,000 Americans lost more than $770 million due to fraud initiated on social media.

In this article, we'll delve into the world of Facebook phishing posts, expose their risks, and offer some concrete tips on how Guardio’s online security tools can keep you from falling victim to these nasty scams. Let’s boogie!

Facebook phishing posts: How common and dangerous are they?

Imagine this: A seemingly innocent post appears on your Facebook feed, promising a chance to win a brand-new iPhone just by clicking a link. Tempted by the offer, you click without a second thought. And just like that, without even realizing it, you're now trapped in the net of a Facebook phishing post.

You may be thinking, “So what, I’ve clicked a link, what’s the worst that can happen?” Glad you asked. Phishing posts on Facebook happen more than you might think; in fact, they’re alarmingly common. According to 2022 statistics, there were 300,497 social media phishing victims, with a total loss of over $52 million. The vast majority of those were on Facebook. But what exactly are Facebook phishing posts? Let's break it down.

Understanding Facebook phishing posts

Facebook phishing posts are misleading messages or advertisements that aim to trick people into revealing sensitive information or performing actions that could compromise their security. Unlike clickbait ads that just want to navigate you to a website in order to sell something or get higher web traffic, phishing posts are literally designed to scam you.

The posts often masquerade as legitimate offers, contests, or links to intriguing content, luring you into sharing or clicking the post itself or reeling you into providing your personal information. Once you take the bait, cybercriminals can gain access to your data, steal your identity, or engage in other malicious activities.

Hook, line, and sinker — How phishing posts work

If you’re anything like me, when you’re scrolling Facebook and come across an interesting post, you’re more than likely to click it. That’s exactly the reason Facebook phishing posts are so effective at deceiving people. They often use social engineering techniques, like creating a sense of urgency or playing on emotions like curiosity and fear.

Be careful what you share - Facebook phishing posts with a twist

Have you ever come across a Facebook post on your timeline that you didn't share, and you're certain your account hasn't been hijacked? Chances are, you've encountered a sneaky scam that's duping people into unwittingly promoting phishing links. Yep, that’s right, an evil twist on Facebook phishing scams is the manipulation of shared posts after they've been posted.

Here's how it works: You come across an intriguing or heartwarming post on your Facebook feed, perhaps a moving story about a lost pet or a call to action for a charitable cause. Obviously, as a good person, you are moved and inspired by the post, so you decide to share it with your network, believing you're spreading awareness and positive vibes. However, scammers aren’t about good vibes at all, and what you don’t realize is that some unpleasant people have actually created this post. Not only that, they will change the post content after you've shared it, turning a seemingly harmless share into a vehicle for malicious intent.

Confused? Here are a few examples to clarify:

Post #1

Let’s say you come across this post that’s asking people to share it in order to help find the parents of an injured, hospitalized child. I mean, who wouldn’t want to help an injured child?

Facebook phishing post

As mentioned earlier, you’re a good person and are eager to help, so you share the post on your timeline. Now you’re probably feeling good knowing you did your part in trying to help this poor girl. A few days go by, your friends and network see the post, and because they’re good people too, they share it. The thing is that the post is like a ticking time bomb that can be altered and changed whenever the scammer wants to. A few days, or even weeks, go by, and you’ve already forgotten about the post, but the scammer hasn’t and turns it into a deceptive rental ad or a survey that guarantees a cash payout.

Post #2

Facebook phishing post #2 Image source: 3 News

Seeing that the post is on your timeline, your friends might interpret it as a recommendation for that content. This bait-and-switch approach has two primary objectives:

  • To get your cash - in this example, to secure a deposit for a rental property that doesn’t exist, before users view it.

  • To harvest people's personal information, which could potentially result in identity theft.

This twist is particularly insidious because it preys on the trust we place in our friends and connections on social media platforms and also capitalizes on the credibility of our connections. Your friends and followers may see the altered post, which now contains false information, misleading links, or even malicious content. Consequently, your reputation and trustworthiness could be tarnished, and your online security compromised. The worst part is that you've unknowingly helped your friends and family get scammed.

In another example, a West Michigan Facebook group featured a touching post about a found puppy, with the initial poster claiming to seek the owner's help. However, as the post gained momentum through shares, it was surreptitiously altered to become a fraudulent contest riddled with phishing links.

What makes this even worse is that unless you receive a message from a trusted friend or take the time to revisit your own posts, you probably won’t even realize that your Facebook page is now unwittingly promoting a phishing scheme.
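Revisiting a post you shared can be turned into a simple check. The following is an added example, not code from the article or from Guardio: it compares the text you saved when you shared a post with the text it shows now, and flags a near-total rewrite or links to hosts that were not there before. It assumes you kept a copy of the original text; the function names and sample posts are constructed for illustration.

```python
import difflib
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def link_hosts(text):
    """Return the lower-cased hostnames of every link in a post's text."""
    hosts = set()
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url.rstrip(".,!?")).hostname
        except ValueError:          # malformed URL, e.g. unbalanced brackets
            continue
        if host:
            hosts.add(host.lower().removeprefix("www."))
    return hosts

def review_shared_post(saved_text, current_text, min_similarity=0.6):
    """Compare the text saved at share time with what the post says now."""
    similarity = difflib.SequenceMatcher(
        None, saved_text.lower(), current_text.lower()).ratio()
    new_hosts = sorted(link_hosts(current_text) - link_hosts(saved_text))
    findings = []
    if similarity < min_similarity:
        findings.append("text largely rewritten since it was shared")
    if new_hosts:
        findings.append("links to hosts not in the original: " + ", ".join(new_hosts))
    return {"similarity": round(similarity, 2), "new_hosts": new_hosts,
            "findings": findings, "suspicious": bool(findings)}

# Constructed sample posts (not real posts; .example hosts are placeholders).
SAVED_POST = ("Please share! This little girl was found injured and is in "
              "hospital. Help us find her parents.")
EDITED_POST = ("3 bed house for rent, only $600/month! Pay the deposit today "
               "to reserve: https://cheap-rentals.example/apply")
TYPO_FIX = SAVED_POST.replace("in hospital", "in the hospital")

if __name__ == "__main__":
    for label, now in (("edited", EDITED_POST), ("typo fix", TYPO_FIX)):
        print(label, review_shared_post(SAVED_POST, now))
```

A small wording fix stays above the similarity threshold and is not flagged, while the bait-and-switch rewrite is flagged on both counts.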

Common types of phishing posts

Facebook phishing posts come in various forms, each designed to exploit different psychological triggers and vulnerabilities. Here are some common types:

Fake contests: Posts claiming that you can win a prize if you just click on the post and submit some private data.

Survey scams: Posts that ask you to complete a survey but actually aim to collect your personal information.

Malicious links: Posts with links to seemingly interesting articles or videos that lead to malware or phishing sites.

Friend requests from strangers: Requests from fake accounts that impersonate real people to gain access to your friend list.

Fake customer support: Phishing posts that pose as official Facebook help centers or other reputable sources to steal your login credentials.

How to spot a Facebook phishing post

Now that you know the types of posts to look out for, let's discuss how you can identify a phishing post on Facebook:

Check the source: Verify the source of the post. Is it from a reputable source or an unknown account with limited activity?

Inspect the URL: Hover over any links without clicking to see where they lead. Be cautious if the URL appears suspicious or unrelated to the post's content.

Examine the comments: Check if others have flagged the post as a scam or if users are reporting unusual experiences.

Look for red flags: Watch out for poor grammar, misspellings, and overly sensational claims in the post.

A closer look at a post can reveal some warning signs like:

  • How many friends does the person posting have? If it’s in the tens, it might be a fake account.

  • When did they join the group the post was posted on? Was it like yesterday? A definite red flag!

  • Is the photo posted good quality? If it’s blurry, it may have been sourced from the internet - another red flag.

Despite these telltale signs, scammers are still able to deceive good people into clicking or sharing posts.

The aftermath of falling victim

The consequences of falling victim to a Facebook phishing post can be severe. Once scammers have access to your personal information or Facebook account, they can use it for identity theft, financial fraud, or to launch further phishing attacks on your friends and contacts. You may find yourself locked out of your own account, your personal data exposed, and your online security compromised. Recovering from something like that can be time-consuming, emotionally draining, and sometimes even financially devastating.

Protecting yourself from Facebook phishing posts

But it’s not all bad news. Now that you know what you’re up against, we’ll equip you with the information you need to protect yourself from Facebook phishing posts.

Here are some tips you definitely need to keep in your security tool belt:

Adjust privacy settings: Review and adjust your Facebook privacy settings to control who can see your posts and personal information.

Enable Multi-Factor Authentication (MFA): Activate MFA to add an extra layer of security to your account.

Be cautious: Do you really need to share that post? Is that product/contest something that you have to be a part of? Think about it before clicking any links or sharing personal information online, especially if it's unsolicited.

Report suspicious posts: Use Facebook's reporting features to alert them about phishing posts. This helps protect other users too.

Educate yourself: Stay informed about the latest scams and phishing techniques to recognize them more easily.

Online security tools: Facebook phishing posts are getting more sophisticated and tougher to spot. That’s why it’s important to have an online tool that will keep you protected. Guardio is a browser extension and mobile app that keeps you safe online. It blocks dangerous websites and immediately alerts you in case you ever press on a Facebook phishing post.

In an increasingly insecure world, Guardio’s security tool gives you the peace of mind you need whenever you're online.

  • 24/7 scam protection.

  • Blocks fake websites and Facebook phishing posts with malicious links.

  • Cross-platform protection (up to 5 devices).

  • Scans your device for malware.

  • Real-time identity theft protection.

  • Family protection (up to 5 family members).

The bottom line

At a time when “lost puppy” pics and “free giveaway” posts are potential threats, it’s important to always surf the web with caution. By educating yourself on the latest scams, using MFA, and having security tools like Guardio, you’re basically bulletproof against whatever Facebook phishing posts come your way. Remember, it’s always better to be safe than sorry. So install security tools, be cautious, and surf safely!

Frequently asked questions about Facebook phishing posts

How common are Facebook phishing posts? Facebook phishing posts are, unfortunately, quite common. They are prevalent on the platform and pose a significant risk to users' online security.

What should I do if I've clicked on a phishing post? If you've accidentally clicked on a Facebook phishing post, it's essential to take immediate action. First, disconnect from the suspicious link or post. Then, scan your device for malware and consider changing your passwords. Keep an eye on your accounts for any suspicious activity.

How can I report a phishing post on Facebook? To report a Facebook phishing post, click on the post's three dots (...) in the upper-right corner, select "Find support or report post," and follow the instructions to report it as a phishing attempt. This helps protect not only yourself but also other users from falling victim to similar scams on Facebook.
