How Facebook scammers sail under false colours to get their hands on your information
Swindlers have cunning ways of tricking customers. One of them is brazenly benefitting from the good reputation of certain brands. Currently, this is the case with Digitec. Find out how you can protect yourself.
It’s an open secret that Facebook is struggling to, or may not want to, effectively control the flood of content on its platform. And AI monitoring isn’t as reliable as it should be. Scammers take advantage of this to carry out phishing attacks and get their hands on users’ personal information.
What is phishing?
Phishing’s a method used by criminals to steal sensitive information such as usernames and passwords. They pose as a source the potential victim trusts and has dealings with in their daily life. The scam often involves fraudsters sending an e-mail or text message to the person who’s being targeted as well as setting up a fake website.
Successful phishing attacks mainly lead to identity theft, credit card fraud and data breaches, but also to substantial financial losses for individuals or companies.
For a while now, scammers have been relying on social media, Facebook in particular, to access users’ data. This is probably because these platforms make it very easy for criminals to pose as a trusted brand.
How do the scammers work on Facebook?
The scammers create fake profiles to gain the trust of users. These profiles are either clones of real brands, such as Digitec, or phoney but reputable-looking companies – at least at first glance.
These fake profiles are then used to run regular ads on Facebook. They often contain images or photos of other brands – Digitec in this case. If you click on this type of ad, you’ll be redirected to the scammers’ website. That’s where you’re asked to enter personal information.
Users are lured into doing so by fake prize draws of popular products such as Apple iPhones. They’re made to believe the competition’s being run by a reputable company such as Digitec. But instead, they’re handing over their data to criminals.
Scammers often also fake entire comment sections, in which alleged lucky winners profusely thank Digitec. It’s simple but sadly also effective.
Taking a look at how ham-fisted these scams are, I wonder how anyone could actually fall for them. MacBooks, iPhones or even whole «pallets for CHF 2.00». It’s screaming fake!
After all, the chances of bagging a brand-new MacBook for CHF 1.99 are pretty slim. And no, I didn’t make that up:
While the scammers didn’t do too badly with «Laptop for you» and «Marketing Agency» below, they totally exaggerated with the price.
In the following example, you’re promised a whole pallet for two francs:
The photo is just a really shoddy Photoshop job. The lighting conditions and Digitec logo are off. But even if this didn’t catch your attention, which reputable company would flog entire pallets for two francs? If you believe that, you probably believe in Santa Claus.
For some reason, two francs seems to be the threshold if you’re in the scamming business:
What can you do?
First off, you only really need to use your common sense to recognise fakes. Many scams are so clumsy you’ll spot them immediately.
Things get a little trickier when you’re dealing with «good» fakes. A bit of healthy distrust is the best protection. Always ask yourself if this is in line with the brand in question. Double-check their website. It’s guaranteed that’s where a promotion of this magnitude would be visible.
In general, installing an ad blocker’s advisable. Not only will it remove scams, it will also block annoying ads in general. I can recommend uBlock Origin, for example. However, this won’t work if you’re using the Facebook app.
Do you run a brand? If so, it’s worth looking for Facebook ads using your brand name. There are tools that tell you if your brand’s being used. One of them is Facebook Ads Library.
If something seems suspicious to you, this is where you can report the ad. Use the platform’s «report» features. Tell your friends and family that scammers are at work.
Affected companies should inform their community. Warn your followers about the scams and tell them how they can protect themselves.
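For brand owners reviewing ads that use their name, the warning signs described in this article (an advertiser that isn’t the brand’s own page, a landing site that isn’t the brand’s domain, a token price for an expensive product) can be checked mechanically. The triage script below is an added example, not code from Digitec or Facebook; the record fields, the official page and domain lists and the sample ads are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumptions for illustration: the brand's real advertiser page and domains.
BRAND = "digitec"
OFFICIAL_PAGES = {"digitec"}
OFFICIAL_DOMAINS = {"digitec.ch"}
# Prices written as "CHF 1.99" or "2.00 CHF" (the article's two-franc lure).
NUM = r"[0-9]+(?:[.,][0-9]{1,2})?"
TOKEN_PRICE = re.compile(rf"CHF\s*({NUM})|({NUM})\s*CHF", re.I)
TOKEN_PRICE_MAX = 5.0  # hypothetical threshold for "too cheap to be true"


def is_official_domain(url):
    """True only if the host is an official domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def triage(ad):
    """Return the reasons an ad that mentions the brand looks fraudulent."""
    text = ad["text"]
    if BRAND not in text.lower():
        return []
    reasons = []
    if ad["page_name"].strip().lower() not in OFFICIAL_PAGES:
        reasons.append("advertiser is not the official page")
    if not is_official_domain(ad["link"]):
        reasons.append("landing page is not an official domain")
    prices = [float((a or b).replace(",", ".")) for a, b in TOKEN_PRICE.findall(text)]
    if any(p <= TOKEN_PRICE_MAX for p in prices):
        reasons.append("token price lure")
    return reasons


# Constructed sample records (not real ads); field names are hypothetical.
SAMPLE_ADS = [
    {"page_name": "Laptop for you", "link": "https://digitec.ch.prize-draw.example/win",
     "text": "Digitec clearance: MacBook for CHF 1.99!"},
    {"page_name": "Digitec", "link": "https://www.digitec.ch/en/sale",
     "text": "Digitec sale: headphones from CHF 49.00"},
    {"page_name": "Marketing Agency", "link": "https://pallet-deals.example/",
     "text": "Whole pallet of returns for 2.00 CHF, thanks Digitec!"},
    {"page_name": "Digitec", "link": "https://digitec-prize.example/iphone",
     "text": "Digitec is giving away iPhones to lucky winners"},
]

if __name__ == "__main__":
    for ad in SAMPLE_ADS:
        print(ad["page_name"], "->", triage(ad) or "no findings")
```

The last sample shows why the display name alone is not enough: a cloned «Digitec» page passes the name check and is only caught by its landing domain.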
Is pulling the plug the solution?
In my opinion, the best solution would be to completely pull the plug on Facebook. How about we all just delete our Facebook accounts? After all, there have been too many scandals and too many negative consequences for our society.
This isn’t the first time I’m saying this, either. My opinion hasn’t changed for at least three years:
But is it realistic that we can get rid of Facebook? Probably not. The consequences would be huge for companies whose revenues are heavily dependent on Facebook ads. Still, it’s worth thinking about.
A call for vigilance
The threat of fraud on social media is real and can cause serious damage. Not only can you lose access to your accounts to phishing attacks, you can also lose money or even be blackmailed.
It’s time to take action and protect yourself, whether you’re a private user or a company. The question that remains: is it time to develop a critical attitude towards Meta and their ilk? At least politicians have had enough of the inaction. In the EU, the big providers are now facing heavy fines if they fail to control what’s happening on their platforms (article in German).
Header image: Sebastiaan Stam / Unsplash