Podcast: Play in new window | Download
Subscribe: RSS
Episode 21: Lost and Found – The Dark Side of Facebook Scams
3 Common Facebook Scams and How to Recognize Them
Facebook scams are not new but they seem to be increasing, and becoming a little more sophisticated in some cases. We review 3 of the more popular scams being used on Facebook as of this episode, and how you can avoid them.
- The Missing Child Scam – a post and picture of a “missing child” is circulated on Facebook. Why would anyone do this and what do they hope to gain? Plus, how can you recognize this scam?
- “I found someone’s dog” scam – The poster claims to have found a missing dog or cat and is trying to connect to the owner. They are asking for help so naturally people share and like the post. Often the pictures are taken from a real missing dog or cat post.
- The Unbelievable Job Offer (Amazon) – The post advertises a well-paying job, typically working from home. While Amazon is often the job being offered it is not exclusive to Amazon. Why would anyone advertise a fake job?
How can you recognize these and other fake/scam/phishing posts and what should you do when you spot them?
Transcript
People are the weakest link in any cybersecurity plan. We’re distracted, exhausted and often unmotivated. It’s time to change the approach used to protect our businesses, technology, identity and data. The human element has to be front and center in the war against data breaches and ransomware attacks, it’s time to educate.
Long time ago, I used to work at a warehouse. And remember one Christmas time holiday season, my boss gave me some scratch off tickets and scratch them off. And tickets said I want $2,000. And I was like autist is a great Christmas at the time didn’t have a lot of money. I still don’t have a lot of money, but anyway, didn’t have a lot of money. And I thought this is great, I’m going to be able to, to get some cool stuff for Christmas. I’m just the one kid at the time thought I’d be able to help her or I would be able to get her some awesome gifts. And I’m excited. I’m super excited. I just want $2,000 It was going to improve my Christmas grade. Until I found out when I flipped it over that it was a fake scratch off ticket. So that was a popular thing to do back then. Give out fake scratch off tickets, make somebody think they want all this money. And then break it to them. No, you didn’t. When broke my heart that day. It was a joke. I got over it. laugh about it. Now, years later, many years later, it’s
been, I don’t know, 20, maybe 20 years. But many years later, now I can laugh about it. But it was
at the time I was hurt my feelings. But what it did was it made me it brought out a strong emotional reaction. And it tugged on my heart a little bit. It was going to be a better Christmas this year. That’s how they get you. They get you to have a strong emotional reaction. They tug on your heart. And then if up to welcome to the human element podcast. Visit our website at the human element dotnet for more content to help you strengthen your awareness of the people problem in cybersecurity. I am Scott Gombar. Owner and Washtech a client focused, security minded proactive IT service provider. Hello everyone and welcome to the human element podcast. This is episode 21. I am Scott Gombar owner of Noir’s Tech, we are a productive IT consultant based in Central Connecticut and serving clients all over the country. Maybe one day outside of the country to who knows. This is the human element podcast where we talk about social engineering, human psychology, the human element, essentially the human firewall, all of the fun stuff that usually when used for nefarious purposes leads to bad things. This episode is titled Lost and Found the dark side of Facebook scams. Pretty much like everyone else on Facebook, I do belong to a bunch of groups, most of them geographically connected to where I live, but a few others as well. And so a Buy Sell group. This is probably a year or two ago, they had a post about a missing child. And you know, of course, whenever there’s a missing child posted on Facebook, somebody’s looking for their kid or whatever it is. Everybody wants to share. And again, of course, the same thing here, but I thought this one was a little weird, because it was an Why would you post this in a Buy Sell Facebook group seemed kind of odd to me. So I dug in a little deeper. And sure enough, it was a scam. And now you see these posts is that was the first time I saw it. And again, probably close to two years ago. The first time I ever saw one like that. And I of course dug in and said why would anybody want to share a post like that? That wasn’t real. And so I dug in a little further to see what was going on. And eventually what happens is they change the content of the post. So I’m gonna get to that shortly. Now, fast forward a couple of years here and you see these posts all the time. And one of the red flags is it’s not usually posted to a group where you would find those things so I’m gonna have a screenshot of another post a more recent one. Not in my area but similar in nature and And it was let me see if I can grab it here what the name of the group was. So the group is called right and surrounding areas local chat. So seems a little more appropriate. But again, this was clearly a scam. And so why, why did I do this? And how do you? How do you recognize it? Well, I just told you one of the red flags, but I’ll give you some more in a moment. The one red flag is it’s not typically in a group that would post those kinds of things. So normally, when you see those kinds of posts, it’s in, you know, your local tones Facebook group or something like that. So that one a little more appropriate, but not, not 100% relatable. So it’s, it’s like a town chat more more than it is an actual town group, where they would share those kinds of things. Or you might see that a lot on like the local police, Facebook group pages. That’s where they’re often found, or the local media’s page, you know, the local news station has a Facebook page, and they’ll show those information. And so that’s one of the keys to making sure it is reputable is to, you know, share from one of those sources. Alright, so now you’re wondering why, and what are they hope to accomplish? And it’s, those are great questions. And I get asked those questions all the time when somebody is potentially victimized by a scam like this? Well, why why do we Why do they do this? What do they hope to gain? So here’s the, we’re gonna talk about three, specifically three types of scams that I’ve seen a lot of recently. And the first one is the one I just talked about the missing child posts. So it’s tugging at your heart. All right, it’s pulling at your heart, because most of us have kids, or a good percentage of us had kids, or we have family members that have kids. And so we see this and we’re like, Well, that would be heartbreaking if that was my, my child, or my nephew, or niece or whatever. And so we’re like, I got to share this, I want to make sure that this child is found. Well, here’s what they’re trying to do. First of all, they create the post, or use an image of a child that you could find anywhere. And there’s a few of them that are very, very popular. If you do a reverse Google search, sometimes you’ll find that it’s been used before, but they use another sources picture without permission. And this is why you shouldn’t share all your stuff publicly, by the way, especially when it comes to your children. And yes, I do have my children’s pictures on social media, but I limit first of all the reach and second of all, how often I share it’s very, very, it’s not often lately, but that may include those posts may include a detailed and emotional backstory to make the situation seem more desperate and authentic. So we will say something like, you know, my, my child was diabetic, and they need their meds and or something like that. And I’ve actually seen that the spread to post the scammers, then share the post and encourage others to share it as well, of course, and why wouldn’t you if you were really posting about your missing child. Because people naturally want to help, especially in a situation involving a child, these posts often spread rapidly, as you’ve seen, I’m sure, so the one screenshot I just grabbed. And again, it was a recent one with I think within the last week or so. But it had 57 shares just from that one group.
And then what they do is they now swap it out. So that there’s been shared out multiple times, they take that post, and then they swap the content of that post out. So now they’re going to put different content in there. And the hopes is, now you’re going to click on malicious links, or you’re gonna get fished, and it’s gonna bring you to another Facebook page where you try to log in. But usually that’s what happens, or they may not even go that far, they may just include a link in the actual post the current post that leads to something malicious in nature, or malware along those lines. And this happens a lot on Facebook Messenger too, by the way. Also, this happens on other social media platforms, but I’m choosing Facebook because this is where I see it the most. They’re also trying to do something called like farming. So sometimes they’re doing this just because they want to gain as many likes and shares to the post as possible, because that messes with Facebook’s algorithm. And then once they’ve done that, they will then change the content to promote something else like a product or service. Not as bad as malicious in nature, but it’s still cool kind of crappy that you use in a missing child you’re exploiting a missing child or not really a missing child but you’re splitting that scenario on Facebook to get more more eyes on your actual product or service. These scams can sometimes make it more difficult for genuine posts about missing children to be taken seriously. And again, I’ve seen that you know, nobody wants to share anything now, because they’ve seen this so many times. And you’re like, I don’t know if this is real or not. So what can you do? Check the source is the posts from a reliable source, such as a verified news outlet, or the official social media account and law enforcement agency, as I just mentioned, also, if you know the person who shared it, maybe go back to them and say, Hey, Is this legit? Nothing wrong with that check in with them. Look for specific details. Genuine appeals will often include specific details such as the location where the child was last seen and the case number. And I’ve saw one just today that was shared in my local town group. I think it was today. And there were very specific details what they were last wearing, where they were last seen that the police have already been notified. And they’re just asking for additional help. So that’s kind of what we’re talking about here. Looking for specific, just said, do an online search. If you see a post about a missing child, try doing an online search for the child’s name, and or other details from the post. And this is something I tell people to do all the time. You can use Google to search for anything. So if there is an actual missing child, Joe Smith is missing. If that’s probably not the best name to use, you know, if I said Joe Smith, of any town, Milwaukee, USA, missing missing child, then it should come up, it should be news outlets already reporting this, maybe even a police report possible. If it’s genuine, great, then you can share it. But if it’s not, you should report it because other people are going to share it without doing any research on the post itself. Remember that your instinct to help in such situations is a positive thing. And that’s why when I saw that post a few years ago about the missing child in the Buy Sell group, I was like this doesn’t add up. Does that make sense? Why would you post it there. And if that’s not the right audience, if it’s a child missing in your local area, then you’ll want the local population to know about that. And that’s where you want to reach out to. So trust your gut as much as you can. And it’s not to say that there aren’t people, you know, I see legitimate posts like that all the time as well. But they’re out there. So you need to take everything with a little bit of salt in make sure that what you’re sharing is legitimate and even go back later and check to make sure that it’s still there. You know, we we shared a podcast a couple weeks, yeah, a couple of weeks ago, about a fake LinkedIn profile, and how I recognize it, and wasn’t. One of the tips I gave was that, wait, if you get some random message on LinkedIn, not related to any jobs, or any business or anything like that, it’s just a hey, how you doing kind of message, wait a couple of days and see if that person’s profile is still there. Wait a couple of days, and see if that post is still on your on your Facebook feed or if it’s changed to something else. And I have seen that happen. I have seen that same post change after a few days. The second one is seems to be a little newer. I haven’t seen it up until recently. But it’s kind of the same thing. I found a lost dog scam on Facebook or last pet any kind of pet, cat dog anything. And obviously they’re trying to print emotions of pet owners, animal lovers, things like that. So it’ll be a similar kind of post. And the scammer posts a photo of a dog they claimed to a found usually it’ll usually be like a purebred dog something that might have some value to it. You know, I just saw one, most recently for a Siberian Husky. So they’re sharing this post about a Siberian Husky that they found wandering the streets and the dog has tags on it looks like it’s healthy and can you help us find the owners? So they have this backstory, finding a dog in a certain neighborhood or dog having specific identifying features so that you know maybe it’s Siberian Husky with blue eyes. And they’ll post pictures they’ll find a picture somewhere on the internet of this dog and share it or cat or whatever it is. The post will ask for help to find the dog’s owner prompting kindhearted Facebook users to share the post wherever they can make sense right we want to help dog owner reunite with the dog and then eventually someone will come forward claiming dogs there’s it could be the actual owner who was desperate to get their pet back or it could be another scammer working with the original poster. Imagine that. So this kind of a This is a more elaborate scam in that they’re trying to involve more than one person here they are involving more than one person. Now once the contact is made, the scammer will claim that they incurred various expenses whilst caring for the dog and ask for reimbursement before returning to pet. The scammer may request payment for things like vet bills, pet food or even boarding school boarding cost. Money is usually requested being an untraceable amount, or untraceable methods such as a wire transfer or gift cards. If anybody ever requests gift cards other than your family as a gift for their birthday, or Christmas, or whatever holiday you celebrate, just run nobodies nobody requests gift cards for payment. Not legitimately anyway, the outcome, once the money is paid, the scammer typically disappears. In many cases, that was never a found dog at all, just a stolen photo from the internet. So imagine you post pictures of your dog, they still the photo said the stock is missing. We found we found this dog wandering around our street. I mean, you should just go home and check to make sure your dog is there. But a lot of times that, you know they don’t do that. The scam exploits the strong emotional and what do I tell you before every how to avoid every scam is going to elicit a strong emotion. This is how you avoid it. If it elicits a strong emotion, backup, take a few minutes think about what’s going on. dig in a little bit, see if it makes sense. But anyway, it’s going to exploit the strong emotional connection people have with their pets both their own and others to protect against it. Never send money or give personal information to someone you don’t know. If you’ve lost a pet and see a post claiming to have found your pet, try to verify the claim independently. For example, by asking for recent photos of the pet, or arranging a safe, public place to meet and collect the animal always involve local animal control or a trusted if possible. So that being said, if you do lose a pet and you share it out over social media, they can then take a picture of that picture and use it to say hey, we found this animal. And that’s going to tug on people’s hearts. I saw a recent Mrs. This is how the scam works. I saw this is the post, I saw a recent post about somebody missing a dog, we found a dog very similar. Here it is. That’s how they get you. And then the third scam that I’m seeing a lot of all the time. And initially it was just these Amazon jobs that were offering to pay like 3540 $50 an hour to work from home, you need papers and blah, blah, blah. And then right below the actual job posting, there was a link to a Google site. So that’s the first red flag first of all, why would Amazon use a Google site to post a job.
But anyway, here’s what happens. They post these job postings and they post these everywhere. And this is why on all the groups that I manage, I have I have it set to check every post because I don’t want these posts on my group in my groups because people do fall for them. And sometimes it’s you know, the person is desperate they see a posting where they’re paying $35 an hour for a job to work from home that sounds like a great deal. I’m going to work from home get $35 an hour, I don’t have to worry about anything. And it’s a scam. So they post these jobs on Facebook claiming to be recruiting for a well paid Amazon jobs to post off and look professional and legitimate using Amazon’s logos and branding and they do that with the post. However the link that’s underneath it will not be an Amazon website and now they’re doing this with other companies not to I’ve seen other companies get used apples another one I see a lot of lately. Pretty much any pop well known company is being used at this point. Then you get this application and interview. Interested job seekers are instructed to message the poster directly or they might be directed to a fraudulent website. And that’s where the Google website comes in. And that’s usually what it is. scammer might even conduct a fake interview via instant messaging or over the phone. They get this job offer once the interview is over, the skimmer typically offers the job to the applicant almost immediately. This quick offer can make it seem like a fantastic opportunity cause an applicant to overlook red flags and there are tons of red flags and what these posts I do as often as I see them, and I gotta be honest, I haven’t seen as many lately but as often as I see them I will comment that it is a scam. And so the catch the scammer then claims that before the applicant can start work they need to pay for a job related costs. This could be for training materials software, background check or shipping of work from home equipment. The payment requests will be made via an untraceable amount again as a wire transfer prepaid debit card or gift cards In some cases, they might also ask for personal and financial information supposedly for payroll setup. But in reality this information is used for identity theft. And Once payment is made or personal information is shared, the scammer typically cuts off all communication leaving the victim without the promise job and out of any money they paid. In order to protect yourself from these scams, you should remember that legitimate companies will not ask for money from job applicants, nor will they usually require sensitive personal or financial information before formal job offer has been made. Always verify job postings through the company’s official website or HR department, you could always call a company called Amazon Hey, is this a legitimate job call Apple Is this legitimate job call their HR department find out if it’s a legitimate job because more than likely, it’s not. Um, I know there are positions that pay pretty well on Amazon and Apple, but usually not entry level and usually not work from home and usually not without any verification of who you are. And, again, gift cards prepaid debit cards. Nobody uses these for legitimate reasons, except for gifts, actual gifts. So those are the three that I see the most of on Facebook. And I just want to run through a few others that I see sometimes these fake contests or giveaways. I forget the actor now. But they were using an actor’s image saying that he was given away $5,000 to anybody would like just post that does not happen. It’s never going to happen. Don’t even show the post. There are scams that where they will try to impersonate celebrities and then get them to click on a link or share personal information. romance scams or talked about a lot of those when it comes to pic butchering. So if you want to learn more about that there are resources on human net.of, the human element.net and also on The Washtech YouTube channel. Friend Requests scams, these scams involve receiving a friend request from an account that appears to belong to someone you know, usually that’s an impersonated account. If you get a friend request from somebody, you know, and you’re like, I thought I was already friends with them, check. If you’re already friends with them, then guess what? This is not a legitimate profile. If you get something with the message, if you get a message from a friend you haven’t talked to in a while, and it seems a little off. Like I got one once from a guy that I know that’s a realtor. And he’s like selling insurance now. And I said that doesn’t add up. Let me let me double check. chain letter scams chain letters have been around forever, forever since I was a little kid. And so they happen on Facebook too. And the idea is, you just keep sharing this, you get this letter says share with 10 people and you’ll have good luck or you know, something along those lines and you keep sharing it disaster relief scams you see these a lot after natural disasters, you know hurricanes, earthquakes, things like that. They try to get you to donate money to a fake charity. And most of the time, you will never see that money again, you know, wealthy people in need of it. With that said, you know, donate to legitimate reputable organs organizations that have helped during disaster relief. A lot of times there are boots, boots on the ground organizations that that are more equipped to help because they are actually on the ground. To help me unstuck scams. I’ve seen these for 15 years now I’ve got one from a client 15 years ago, there were I got an email. This I think was before my time on Facebook. I don’t remember what year I joined Facebook, but I think it was before I joined even joined Facebook. And it was helped me I’m stuck in Europe somewhere in Europe. I need $2,000 Get home it was a client. I said something doesn’t sit right with me. And I called them at home. And sure enough, they were not in Europe, they were home. And they told me their email had been hacked. The Marketplace scams, this is pretty straightforward to buying or selling a product or selling a product I should say that doesn’t exist. So they’ve collected money. And in from people saying they’re selling this item. Usually if it’s too good to be true that you’d that’s the first red flag. But most local police departments now have it set up so that you can meet the seller in their parking lot or somewhere in the police office so that you don’t have to worry about these kinds of scams. And that’s for anything Facebook, Craigslist, any any marketplace where you’re buying and selling something online. And so I would say even if you’re selling meet the buyer, somewhere safe like that. And finally investment scams where they get you to invest in high return low risk investments. Those don’t exist. If it’s high return it’s high risk if it’s low return low risk, should not go to Facebook for investment advice in or investment potential. Usually there are Ponzi schemes or pyramid schemes and usually they involve some type of cryptocurrency but not always, it could be precious metals, it could be Forex, so be careful with that as well. Always exercise caution on Facebook or any social media platform. In reality, every social media platform because they are all with inherent risks, because you don’t know the person on the other side of the keyboard, who they really are. So I hope this helps someone stay safe and avoid these Facebook scams. Those were the three most popular followed up by 10 other I think 10 other potentially disastrous Facebook scams. So until next time, stay secure