18 Facebook Scams and How Cybersecurity Experts Spot Them

JGI/Jamie Grill/Getty Images

Fake medical fundraisers

Unfortunately, common social media scams will often exploit sad stories like a heartbreaking diagnosis or life-threatening disease for ulterior motives. Scammers may send messages or create posts on Facebook pretending to be people diagnosed with cancer or recovering from a horrible car accident and ask for help with medical bills.

Preying on people’s sympathy and kindness, these con artists will request donations to a GoFundMe webpage or through a third-party app like Venmo or CashApp. The pleas are often sent from copycat Facebook accounts (with real photos and stolen information), which disappear entirely once the money is transferred. Keep in mind that your money isn’t protected if you use a third-party app to donate to a fake fundraiser, which is why Venmo, CashApp and Zelle scams are so common.

Clickbait scams

Another Facebook scam is known as the “like-farming” or clickbait scam. According to the Better Business Bureau (BBB), fraudsters create posts meant to elicit some sort of strong emotional reaction. One version offers a tempting sale or promotion on products if the user “likes, comments and shares,” while others aim to get users to share the post as many times as possible through heartwarming pictures or faux-activism posts. When the post picks up enough steam (and likes or shares), the scammer will edit it to include a link to—you guessed it—a scam site.

The site could potentially put malware on your computer or require personal information (sometimes including credit card or Social Security numbers) to claim a prize. If a post requires extensive sharing or personal information, it’s best to be wary and check the original source for legitimacy. Phishing scams on Facebook are sneakier than you might think, with numerous scams reported each year.

Yaroslav Olieinikov/Getty Images

Giveaway scams

Free iPad giveaway? Sign me up! But wait—before you click that sweepstakes link, ask yourself whether it seems real. It could be a common scam found on Facebook and Instagram. Here’s how it works: Fraudsters create fake giveaways to fool users into sharing personal information (like a credit card number) or clicking a link that could download a virus onto their phones or computers. 

Of course, there are legitimate sweepstakes, raffles and giveaways. “But there’s usually an end goal there,” Velasquez says. Most companies are hoping that the promise of a free iPad (or flight, jewelry or cash) will entice you enough to, say, sign up for a newsletter or buy a product.  

So how can you tell if a post is legit? For starters, never give any personal information—if it’s truly a free giveaway, the company won’t need your credit card info or an up-front shipping or processing fee. Remember that fake ads exist, so even if the company seems real, it could be a phony. Double-check the brand’s official Facebook page. Also weigh the chances of winning with what you’ll lose once the company knows your email address or phone number. If the company doesn’t store your information securely, hackers could gain access to it and use it for fraud or sell it on the dark web. 

Lottery scams

You received a message from a stranger who recently won the lottery and, in an attempt to pay it forward, wants to give money to strangers—including you. It sounds too good to be true … and it is. As the BBB points out, there’s no such thing as free money on social media. If someone claiming to be a recent lotto winner reaches out, ignore the message. Should you respond, the con artist will try to convince you to fork over money for “processing fees,” typically in the form of gift cards. That alone is a red flag, but another sign your so-called lottery winner is a scammer: They tell you that you have to act fast. 

Facebook quiz scams

Your friend just found out what ’80s pop star best represents them, and now you can’t wait to find out yours. Don’t let your curiosity get the better of you, though. Some Facebook quizzes will ask for access to your profile, and others will even go a step further by throwing trick questions into the quiz itself, says Adam Levin, the founder of global identity protection and data risk services firm CyberScout and the author of Swiped.

Questions like “What’s your mother’s maiden name?” are “purely to gather information because … they could be the answers to security questions” to recover your password, he says. Once hackers have this information, they can use Facebook’s password-recovery process to log in to your Facebook account. Be careful not to share your email address or phone number either; they, too, can be exploited by hackers and data brokers.

It’s best to avoid these quizzes altogether. But if you do want to take a quiz on Facebook, stick to the sites you know and trust, and create fake answers for password-recovery questions so they’re hard to crack, says Levin. It might be easy enough for Facebook scams to figure out your mother’s maiden name, so leave an easy-to-remember lie in that log-in field instead.

Jetta Productions Inc/Getty Images

Cloned accounts

Be skeptical if you receive a friend request from someone you could have sworn already had a Facebook page. Sure, some people like to clean house by ditching their old profiles, but other friend requests aren’t so innocent. Scammers will clone a person’s entire Facebook profile, creating a fake profile of a real person.

From there, they can search the original user’s friends list and send their contacts a link for a get-rich-quick scheme or a cute quote. It’s the kind of thing you’d ignore from an anonymous email message, but not from a loyal friend. So how do you know if you’re chatting with a scammer? 

“They’re banking on the fact that you will trust the message,” says Levin. The problem is, clicking that link could download malware to your computer. Before you accept a weird friend request, shoot over a text or call the person to confirm it’s not a fake account. Learning how to hide your friends list on Facebook can also protect your contacts if you fall victim to this scam in the future.

Spoofing attacks

Even if you haven’t received a new request, don’t immediately trust a message from a friend you can’t see face-to-face. Hackers can find a person’s password and break into their account, then send spoofing messages or posts to their friends asking them for money or other gifts. The messages are designed to tap into your emotions, causing you to panic and send the money without fully thinking it through.

In addition to using a friend’s profile to carry out a spoofing attack, scammers might also impersonate famous people or organizations in common social media scams. For example, there are dozens of accounts posing as Meta CEO Mark Zuckerberg, sending users messages with claims that they’ve won money in a “Facebook lottery” and need to send gift cards to claim their winnings. Once the fraudsters receive the gift cards, they disappear.

Have a nice day Photo/Shutterstock

Spam messages

With “cloning” of social media profiles on the rise, it makes sense to be aware that it might happen to you too. But don’t instantly believe your friends. Reportedly, the same exact message has been sent to countless Facebook users, directly from another friend, but it’s a hoax: “Hi … I actually got another friend request from you yesterday … which I ignored so you may want to check your account. Hold your finger on the message until the forward button appears … then hit forward and all the people you want to forward too … I had to do the people individually. Good Luck!”

While forwarding the message won’t spread malware, it does mean you’re unnecessarily spamming the inbox of everyone you know. Instead, search your own name for an identical account to yours, and ask friends if they’ve had any fishy requests if you’re looking to identify scammers. Report the fake profile if the warning is legitimate and ignore the message if there doesn’t seem to be a threat.

Fake coupon codes

Liking a store’s or restaurant’s fan page—or even keeping an eye on the ads—can be a great way to stay in the loop when there’s a sale or discounted offering. If a post shows a promo code and it works, lucky you! You just saved some cash. But be skeptical if you need to give personal information or create an account to unlock the savings. In some Facebook scams, a site poses as a real store but is looking to convince you to share your email address (which can be used in phishing attacks) or other personal information like your credit card number or SSN, putting you at risk of identity theft.

You can avoid online fraud on social media by doing your own research on the sale or advertisement. Open a new browser tab and Google the store’s official website. “Go to the source and see what’s going on,” says Velasquez. If there’s a genuine promotion, you can bet the store’s official site will let you know.

Chesnot/Getty Images

Facebook Messenger scams

To protect yourself from Facebook Messenger scams, it’s important to stay vigilant against their common tactics. Scammers often use Facebook Messenger to send users requests for money or fake offers for loans or lotteries. While these messages take many different forms, they all have one thing in common: Fraudsters are preying on our need or desire to appear generous, be a hero or win money.

If you did not initiate contact with the person who is messaging you—whether it is a friend or a stranger—Velasquez recommends going directly to the source. “People often trust DMs from their contacts because of that connection,” she says. “However, social media account takeover is so common that we advise people to verify who they are talking to through a different channel, particularly if the message is asking for help, money or information, or it’s from a contact you have not interacted with directly before.”

Fundraiser scams

Particularly after a major tragedy, you’ll see plenty of ads and posts from charities offering to help the victims. While some of those fundraisers really will go to the people who need the support, others could just be scammers preying on your caring spirit, says Levin.

Scams that pop up after natural disasters, mass shootings or other tragedies are typically after your personal information or money. Clicking a link from those schemers could put malware on your computer—or worse, your money won’t go to victims of the tragedy, but straight into the pocket of a crook.

To keep your money safe, do a Google search of the charity organization instead of clicking the Facebook post link, says Levin. Visit a site like Charity Navigator or GuideStar, which both rate nonprofits on how helpful they really are. Seek out a trusted charity instead of donating to the first you see advertised.

damircudic/Getty Images

Malware attacks

If a friend tags you and a handful of other friends in a Facebook post, your first instinct might be to click the link, even if the video looks suspicious. But don’t be sure that it really was your friend who tagged you—a hacker might have gotten into their account instead.

More than likely, the link will send you to a site that asks you to download a Flash player update. You click the link, which immediately starts to download malicious software called malware to your computer.

In another version of a malware attack, a hacker might use your friend’s account to leave you a message like, “OMG look what they’re saying about you!” They’ll prompt you to click the link to find out what’s going on. “It’s really about engaging your curiosity and getting your curious nature to say, ‘I want to know,’” says Velasquez.

But don’t click! A vague message (such as “Did you see this picture of you?”) is suspect, and clicking it could download malware, says Velasquez. However, if you do click a suspicious link, watch out for the signs your computer has been hacked.

Romance scams

Think twice before accepting friend requests from people you don’t know—it could be the first step to falling for a romance scam. The interactions start out innocently enough: The stranger on the other end is just looking for friends and starts opening up, and the two of you swap personal stories. Soon, you feel like “real” friends, and there even seems to be a romantic spark.

In reality, this is one of the tricks con artists use to win your trust before scamming you. When they ask you for money or other gifts, you jump at the chance to help this close friend. But the other person has been lying the whole time, working to gain your trust. Now that they have it, they’ll claim they need money for a made-up emergency that keeps snowballing and eventually drains your bank account dry. According to the Federal Trade Commission, people lost nearly $1.14 billion to romance scams in 2023, averaging $2,000 per person. 

DjelicS/Getty Images

Job scams

As more and more people embrace the working-from-home lifestyle, scammers are keener—and more well positioned—than ever before to profit off the hype. One way they attempt to sway you is by offering too-good-to-be-true jobs and salaries that would allow users to make an unbelievable amount of money from home. They collect vital data from the users (sometimes including bank account statements, records and Social Security numbers) and then resell it to the highest bidder on the dark web.

In other iterations, the scam resembles a pyramid scheme, in which you must first send in money or buy products to reach your “inevitable fortunes.” It’s best to do some research into the company and not click on any offers that seem unrealistic.

Fraudulent apps

Beware of advertisements for apps or features on Facebook that claim to allow users to see who views your profile. Facebook has (and shares) a ton of your data, so it would make sense that it also would open the door to let you see who’s been clicking your profile. But that’s one line that Facebook won’t cross, according to its official stance. Even third-party apps don’t have the ability to track who’s been looking at you. If you do see an app or feature that claims it can reveal who’s been watching you, you can report it as a fraud through Facebook’s website or the Apple or Google app stores.

MStudioImages/Getty Images

Secret Santa scams

At first, it sounds like a great idea: A stranger is setting up a secret Santa in which you send one person a $10 gift, and three other people will send you one too. But like those old snail-mail lottery ticket chains, there’s no guarantee you’ll get your money back in this Facebook scam. 

If no one else follows through with sending your gift, you might not get anything in return. Even worse? “You just gave your home address to a stranger with a list of stuff you like,” says Velasquez. “Is the return really worth the investment?” Bad actors could use your home address to carry out doxxing attacks, and sharing other personal information could reveal the answers to your password security questions, leaving your account vulnerable to hackers.

Phishing scams

If you receive a direct message or email from Facebook saying your account is being disabled, take a close look at the sender. Fraudsters are impersonating Facebook in phishing scams designed to steal your information or sneak malicious software onto your computer. The phony messages will include a fake link to recover your account, and the page it sends you to will ask for your login information and potentially other personal data. Never click a link without confirming it’s real—pay close attention to the URL, knowing that scammers can sneakily create web addresses that are close to the real thing. Skip this step, and you could end up inviting malware onto your device or giving away your personal information. Your best option: Log in to your account directly through your browser; if your account truly has been disabled, you won’t be able to get in.

SDI Productions/Getty Images

Facebook Marketplace scams

More than a billion users buy and sell goods on Facebook Marketplace each month, but fraudsters are also using this online shopping platform to steal people’s money. Some Facebook Marketplace scammers may ask you to pay or communicate outside of Facebook, while others might list phony rentals, giveaways or other products. There are several red flags of Facebook Marketplace scams, but here’s the most important thing to know: Facebook’s Purchase Protection covers only those payments made through Facebook Checkout, so anyone who pushes you to pay with a different app is likely a scammer.

How to avoid Facebook scams

Social media can feel like a danger zone when it comes to fraud, but our experts are here to help. These are their top tips to secure your account:

• Don’t click on any suspicious links. Short links or sensational-sounding videos are red flags for scam posts, according to the BBB.

• If you receive a notification that your account might be deleted or was hacked, log in directly through your browser rather than through the link provided in the message or email.

• Review your account’s privacy settings regularly, and adjust them to protect your information from people who are not connected to you. Here’s how to make your Facebook profile private so that your information remains hidden from those not on your friend list. Velasquez also recommends reading Facebook’s privacy policies and terms and conditions to understand how your information and data are being used.

• Create a strong, unique password and set up two-factor authentication on your account. Don’t share the authentication code with anyone.

• If you receive an odd or unusual message from a friend through Facebook, get in touch with them outside of Facebook to confirm that the message is real.

• Be on the lookout for strange typos or wording signaling the scammer may not be who they say they are.

• Never share personal information like your Social Security number or credit card info through Facebook Messenger or any other Facebook platform.

• Delete friend requests from people you don’t know.

Additional reporting by Marissa Laliberte.

Why trust us

Reader’s Digest has published hundreds of articles on personal technology, arming readers with the knowledge to protect themselves against cybersecurity threats and internet scams as well as revealing the best tips, tricks and shortcuts for computers, cellphones, apps, texting, social media and more. For this piece on Facebook scams, Brooke Nelson Alexander tapped her experience as a tech and cybersecurity writer to ensure that all information is accurate and offers the best possible advice to readers. We rely on credentialed experts with personal experience and know-how as well as primary sources including tech companies, professional organizations and academic institutions. We verify all facts and data and revisit them over time to ensure they remain accurate and up to date. Read more about our team, our contributors and our editorial policies.

Sources:

• Eva Velasquez, CEO and president of Identity Theft Resource Center
• Adam Levin, founder of CyberScout and author of Swiped
• BBB: “BBB Tip: Like-Farming is a Facebook scam still going strong”
• FTC: “Slow your scroll: Spot and avoid social media giveaway scams”
• FTC: “Free money on social media? Nah. It’s a scam”
• FTC: “‘Love Stinks’ – when a scammer is involved” 
• Facebook: “Privacy Center”