Facebook scams: how to spot and avoid them

Scams on Facebook are numerous and more sophisticated than ever. From fake giveaways to hijacked accounts and phishing links, Facebook scams are easy to fall for unless you know the red flags and learn how to protect yourself from malicious exploits.
Because Facebook combines a social network, a peer-to-peer marketplace and a messenger, it is a breeding ground for scammers of all sorts. It’s not surprising that since the start of 2024 Facebook has taken down more than seven million accounts associated with scam centers across the globe.
Let’s look at the most common Facebook scams going around right now, how to spot them, and what to do if you’ve become a victim of Facebook scammers.
What are the most common Facebook scams?
Romance and dating scams
A classic of scams on messengers, such as WhatsApp and Facebook Messenger, romance and dating scams involve a scammer targeting random people in DMs and developing an online relationship with them. It may start in a completely benign way but then lead to the scammer requesting money to cover unexpected, urgent expenses or to pay for their trip to see you.
In reality, they never intend to develop a genuine relationship but only want you to send them money before they disappear. The biggest red flag here is their avoidance of video calls, as scammers hide their real identity.
Facebook Marketplace scams
Facebook Marketplace is sadly full of fake buyers and sellers, as well as “free” listings that disguise a scam. Some typical scams there include buyers overpaying and asking for a refund, or sellers posting fake listings, demanding upfront payments or deposits and then disappearing.
While this platform is generally safe to use for buying and selling in your local community, many scammers take advantage of its lack of identity verification and buyer protection. This makes it easier to trick people into sending money before seeing the item or into sharing sensitive personal details with a stranger. Once Facebook Marketplace scammers slide into your DMs, they may also send phishing links to spoofed pages to further harvest your personal data.
Donation scams
Scammers exploit Facebook’s social feed by posting heart-wrenching, albeit fabricated, stories of people needing life-saving medical treatments, or posing as legitimate charities fighting for a cause that requires emergency fundraising.
These fake donation requests are typically posted in Facebook groups or run as ads, and attract users with a genuine desire to help. These posts frequently feature a form to fill in with personal data as well as spoofed payment pages that steal victims’ credit card data. Unless you verify the cause and the identities of the people behind it, it’s best to avoid sending money to reduce the risk of being deceived.
Phishing and Facebook login scams
Phishing is, unfortunately, still a very effective tactic scammers use to trick users into sharing personal information, including Facebook login credentials. For this, they often impersonate Facebook itself, sending spoofed emails and messages that resemble Facebook but are only designed to deceive and collect sensitive data.
Fake Facebook emails may include notifications about friend requests, new messages, photo or video tags, violations of Facebook’s Community Standards, or warnings to take action to avoid account suspension. In some cases, you may be requested to change your password or provide a two-factor authentication code even though you didn’t ask for it.
Once you interact with a link in such messages, scammers may steal your credentials to hijack your Facebook account or install malware on your device to harvest more personal data.
Lottery and prize scams
Who wouldn’t like some free money? This is exactly the premise of many lottery, giveaway and prize scams running on Facebook. Users may come across these posts in their feed, Facebook groups, or on pages of “reputable” institutions like Lottery USA, which often turn out to be spoofed versions of real accounts.
Entering such a lottery, competition, or giveaway typically requires your personal details or a small upfront payment to guarantee your participation. Behind the scenes, the link you click is used to steal your sensitive data and payment card details—without any actual prize.
Investment and crypto scams
These are common types of Facebook money scams in which scammers pose as trusted financial advisors or trading platform representatives to lure users into fake investment schemes. These schemes often deal with cryptocurrency, offering high returns with minimal risk, and sometimes support their claims with forged reviews and fake celebrity testimonials.
These scams can initially offer slight returns on smaller investment amounts to engage the victim so that they invest more and more money, hoping for a bigger profit. These schemes can also run for years, with the sole goal of stealing more money from unsuspecting victims.
Before responding to an investment offer on Facebook, research the company and check for past client reviews—the absence of negative feedback can itself be a red flag.
Job scams
Scammers advertise job listings on Facebook Marketplace, in the feed, or by contacting you on Messenger, offering quick income or very attractive working conditions—often too good to be true. These job scams often include fake modeling contracts, targeting teens and taking advantage of their lack of awareness, or promising fully remote positions with some hefty income for just a couple of hours of work a day.
To be considered for the job, though, you need to provide your personal information and often pay a fee upfront — for processing your application or, once “hired”, for training or equipment. These jobs almost never require formal interviews and you might never get to meet the people behind the job post. In reality, they only want your money, and the job listing is simply fake.
Survey and quiz scams
These scams include Facebook posts inviting you to take a survey or quiz, often featuring clickbait and lighthearted topics like “Which celebrity are you?” or “Only 1% of the planet’s population can solve this. Can you?”. Sometimes these scams incentivize participants with promises of a financial reward or gift vouchers in return.
The real goal of such scams is to harvest your personal information, sign you up for paid services, install malware or keyloggers on your device, or just steal your money. You should never enter your personal information on survey and quiz websites, or give third-party apps permissions to access your Facebook account data unless you’re sure they are legitimate.
Fake Business Manager partner requests
In a recent variation of Facebook phishing scams, bad actors send out fake Business Manager partner requests to business accounts that run Facebook Pages or ad accounts and request account access. Once access is granted, scammers can take over the business account, lock the real owner out, and run malicious ads using the victim’s money.
You should never accept a partner request from someone you don’t know or have no prior communication with, and you should always verify their identity to avoid losing access to your business account.
How Facebook scams work
How do Facebook scams work? There are many tactics in scammers’ toolkits. Many of them exploit human psychology and our innate tendency to trust and engage, even counterintuitively. Others exploit gaps in victims’ technical or financial knowledge. In any case, it’s possible to catch a scam early if you know what to look out for.
Fake links and malicious ads
Scammers typically scrape personal information through deceptive links and ads that hide spoofed web pages or pages containing malware. Bad actors are really good at imitating legitimate businesses and causes, and they make their headlines and hooks sensational enough for many to click without thinking.
Beware of any clickbait posts and messages that contain suspicious links to shady sources, even if the content looks innocent. You can’t see it, but opening such a page may trigger malware installation on your device, leading to further collection of your personal information and logging the credentials you enter.
Social engineering and impersonation
Scammers are skillful impersonators and social engineers, with a truly broad acting range. They can pose as Meta or Facebook, a trusted investment coach, a celebrity, or your cousin—all with the goal of stealing your personal data, credentials, and money.
People who fall for fake links and ads described above often enable scammers to hack or take over their Facebook accounts and impersonate them to target their network of friends and relatives. So even if you follow all the best practices of securing your Facebook account and never fall for online scams, it doesn’t mean scammers can’t reach you through others’ compromised accounts.
That’s why it’s important to educate your social circle about the risks of Facebook scams, especially your loved ones, as impersonating them can be more convincing and also more damaging to you.
Deepfakes
Artificial intelligence is making waves in all areas of life, cybercrime included. AI-powered deepfakes are increasingly used by scammers to imitate celebrities, politicians, and people you can trust to lure you into fraudulent commercial or investment schemes.
This technology allows scammers to make their exploits more credible by posting convincing videos from well-known people. Deepfakes are becoming harder to detect without careful scrutiny or context, so it’s important to watch for other suspicious signs, such as grammatical errors, vague language, or links to unknown websites.
Psychological manipulation
Scammers exploit people’s weaknesses, such as falling for free money or romance. We also tend to act erratically when pressed with urgency or in an emergency. We have deep compassion for those in need. We also have this fear of missing out that makes us click the link or claim our prize before it expires. All of this makes Facebook scams easier, as scammers know how to push our buttons.
That said, watch out for any signs of emotional and psychological manipulation in Facebook messages, ads and posts that trigger you to act fast and without much thinking.
Real stories: recent Facebook scam examples
These are just a few examples of scams on Facebook that can target all types of users, regardless of their digital literacy, age or financial status:
- In the UK, a former British Army Major was scammed out of £200,000 (US$271,000) over the course of four years by a fraudulent Bitcoin investment scheme that was advertised on Facebook and used Sir Rod Stewart’s face as social proof of its credibility.
- In the US, scam posts in local Facebook groups promote free grocery distribution events and ask users to register via a phishing link to find out the time and location.
- A fake cash giveaway using a Kelly Clarkson deepfake illustrates how scammers make use of advanced AI technologies to take impersonation to the next level. In this scam posted on Facebook, a video seemingly featuring Kelly Clarkson invited users to comment and engage with scammers on WhatsApp to claim a prize.
What to do if you’ve been scammed on Facebook
If you’ve been scammed on Facebook, it’s likely that you can no longer access your account, your friends and connections may complain about suspicious messages sent from you, or you might have given away either your personal data or money without getting what was promised in return. Any of these is reason enough to report the scam to Facebook and the relevant authorities and to take steps to protect your account and identity.
Report the scam
- First, report the scam to Facebook—this option is typically available in the … menu next to posts, photos, videos, comments, and profiles. This will alert Facebook to review your case and take action if they detect a violation of their Community Standards.
- If you got a phishing email, forward it to [email protected].
- If your sensitive personal or financial details were deceitfully obtained and you’re based in the U.S., report the scam to the Federal Trade Commission or the Internet Crime Complaint Center.
- If you suspect your credit card data is stolen, report the incident to your card issuer immediately to cancel the card and enable fraud alerts.
It’s important to note, however, that none of these actions guarantees legal action against perpetrators or any reimbursement of your losses. It’s still important to report such cases, though, to help identify and prevent these bad actors from doing more harm.
Recover your account
If you suspect your account was hacked, whether you can still log into it or not, follow this guidance from Facebook to recover your account.
If you still have access to your account, reset your password and remove any unauthorized logins and devices that appear as signed in to your account.
You may also get a suspicious reactivation email signalling that someone broke into your Facebook account with your login and password. In this case, resetting your password should help secure your account from unauthorized access.
Monitor your personal information
If you shared your financial information in a suspected scam, contact your banking institution or payment card provider immediately and enable fraud alerts in case your financial data gets misused.
You can also sign up for a holistic identity monitoring and protection service that will act as insurance against identity theft and will alert you once your personal data is found on the dark web or is otherwise exploited.
One immediate action you can take is to get a free scan by Onerep to see if your personal details are publicly available via data brokers and people-search websites. You can then use Onerep to remove this data from the surface web automatically so that it can’t be misused for impersonating you or in targeted scams.
How to protect yourself from Facebook scams
You can avoid scams on Facebook and protect yourself from being targeted by bad actors if you learn to recognize the red flags and take action to secure your Facebook account. Scammers thrive on victims who tend to act on impulse and pay little attention to alarming signs. Above all, trust your intuition—if something feels off, stop communication and report the sender.
Red flags to watch out for
Facebook fraud and deception go hand in hand with people’s lack of awareness or ability to recognize scam traps. Review the following red flags and immediately stop interacting with the scammer if you notice any of these:
- Competitions or giveaways that require you to enter sensitive personal details or pay a fee to participate or claim the prize.
- Friend or message requests from new users with superficial accounts and few connections.
- Ads or messages from accounts claiming to be celebrities or well-known businesses.
- Links and attachments in unsolicited DMs from unknown sources.
- URLs that resemble official Facebook links but are slightly changed or misspelled. The official Facebook domains are fb.com, facebook.com, facebookmail.com, instagram.com, meta.com and metamail.com.
- Threats or demands to act or make a payment under the threat of legal consequences or your Facebook account suspension.
- Messages using urgency and pressure to act immediately.
- Offers that are too good to be true and lack any verifiable specifics such as location, contact information, or names of responsible people.
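The domain check from the list above can be automated, for example in a mail filter or a help-desk triage script. The following is an added example, not part of the original article: it compares a link's real host against the official domains listed above and flags common lookalike patterns. The function names, the swap table, the fuzzy-match threshold and the `.example` hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Official domains exactly as listed in the article.
OFFICIAL = {"fb.com", "facebook.com", "facebookmail.com",
            "instagram.com", "meta.com", "metamail.com"}
# Fuzzy-match only the longer brand names; "fb" and "meta" are too short
# to compare loosely without flagging unrelated sites (assumed threshold).
BRANDS = [d.split(".")[0] for d in OFFICIAL if len(d.split(".")[0]) >= 6]
# Digit-for-letter swaps seen in misspelled domains (constructed, not exhaustive).
SWAPS = str.maketrans("0135", "oles")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a single-row dynamic programme."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1,
                                       prev + (ca != cb))
    return row[-1]


def classify_link(url: str) -> str:
    """Return 'official', 'lookalike', 'unrelated' or 'invalid'."""
    try:
        parts = urlsplit(url if "://" in url else "https://" + url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    # Only the real host decides where the browser goes.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    # Official name placed in the userinfo part, before the '@'.
    if parts.username and any(d in parts.username.lower() for d in OFFICIAL):
        return "lookalike"
    labels = host.split(".")
    # Official domain used as leading labels of some other domain.
    if any(".".join(labels[i:i + 2]) in OFFICIAL for i in range(len(labels) - 1)):
        return "lookalike"
    # Misspelled or decorated brand name inside any label.
    for label in labels:
        for token in label.translate(SWAPS).split("-"):
            if any(b in token or edit_distance(token, b) <= 1 for b in BRANDS):
                return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links; the .example hosts are placeholders.
    for link in ["https://www.facebook.com/login",
                 "https://facebook.com.account-verify.example/login",
                 "http://faceb00k.com/recover",
                 "https://facebook.com@login.example/"]:
        print(f"{classify_link(link):10} {link}")
```

A result of `unrelated` only means the host does not imitate an official domain, not that the link is safe. Internationalized (non-ASCII or `xn--`) hostnames are not analysed here and need separate handling.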
Facebook account security best practices
Once you know how to spot a scammer on Facebook, it pays to embrace Facebook security practices to minimize your chances of being targeted:
- Never share your login information, including unsolicited password recovery codes or two-factor authentication codes, especially if you don’t remember logging out of Facebook. Scammers create spoofed versions of the Facebook login page, so you should always verify the domain and, if in doubt, enter the correct URL manually (fb.com or facebook.com).
- Use two-factor authentication and enable login alerts. You can do this via Facebook Security Checkup, which verifies the security protections you have in place and recommends additional steps to secure your Facebook account.
- Don’t click on suspicious links sent by unknown contacts, even if they seem tempting.
- Report fake profiles, suspicious messages, and scams, and block questionable senders.
- Don’t accept connection requests from strangers.
- Check your profile activity for anything unusual or unfamiliar.
- If you receive an email allegedly from Facebook, verify its authenticity by checking: Settings > Account Center > Passwords & Security > Security checks > Recent emails.
Stay smart, stay safe
The best protection against scammers—on Facebook and elsewhere—is awareness. Hopefully, after reading this guide, the next time you get a message like “Is this you in this video?” in your Messenger, you’ll block and report instead of falling for the trap.
Try out Onerep to further clean up your digital presence and protect your personal information from exposure.
FAQs
How do Facebook scams work?
Facebook scams work by exploiting trust, emotions, and urgency to trick people into clicking malicious links, signing up for fraudulent investment schemes, or donating money for fake causes. This allows scammers to harvest sensitive personal data and credit card information to take over accounts and steal funds.
What are the latest Facebook scams?
Some of the latest scams on Facebook include romance and dating scams, fake Facebook Marketplace listings, lottery and giveaway scams, as well as investment and trading ads that deceive users with the purpose of stealing either personal information or money.
Is there a Facebook scammer list?
No, there is no official Facebook scammer list available, as scammers constantly change their accounts and pages. However, it helps to report any suspicious profiles to Facebook to minimize their potential harm.
I got scammed on Facebook, what can I do?
First, report the scam to Facebook and, if you’re in the U.S., to the FTC and IC3. Then recover access to your Facebook account if it was hacked, contact your banking institution if your financial data was involved, and enable identity theft alerts via one of the many available identity protection services.
How to spot a scammer on Facebook?
Top signs of a Facebook scam include suspicious friend requests from new user accounts, unsolicited messages with strange language and a link to an unknown website, requests to provide personal information or make a payment, urgency to act immediately, persistent demands to follow the scammer’s instructions and messages posing as Facebook, sent from domains that resemble the official one. If you find a request or Facebook post suspicious, it probably is.
Is it safe to use Facebook?
Yes, it’s generally safe to use Facebook, but as with any other social network or messenger, not all users can be trusted. Scammers exploit online anonymity and the platform’s lack of identity verification to set up their traps, also taking advantage of the sheer size of the Facebook user base. Secure your Facebook account with two-factor authentication, set up login alerts, and never interact with posts or messages from unknown contacts.
Dimitri is a tech entrepreneur and founder of Onerep, the first fully automated data removal service. Top cybersecurity CEO of 2021 by The Software Report.