Hackers Are Exploiting Both Facebook and PayPal to Create a Superscam

Imagine this… A real-life friend contacts you via Facebook’s Messenger to ask you for a favor. They are having issues linking their PayPal account to their payment card, and now they cannot transfer the funds to their bank. But they need to pay, let’s say, an electricity bill they had forgotten about ASAP. You have a PayPal account, right? Your friend will send you money via PayPal, so that you can withdraw it to your bank account and then send the exact same sum to their bank account. In fact, your friend is giving you more money just to thank you for your trouble. How can you say no to a friend? Well, if you say yes, you get yourself scammed. Three different victims (your friend, you, and, potentially, a PayPal user) could be involved in this scam, and two different platforms are exploited, which is why it is identified as a superscam.

According to the data collected by Bernard Meyer at cybernews.com, cybercriminals can rake in $1.6 million every month with the help of this clever scam. This is a big deal. Unfortunately, this is not a new PayPal scam/Facebook scam. In 2018, a photographer in Northern Ireland lost 1,800 GBP (~$2,200) due to this superscam. As with any account takeover or scam, there are missteps behind this Facebook/PayPal scam as well, and there are ways to identify the traps laid by schemers to protect yourself against it. Continue reading to learn how to identify the signs of a scam message on Facebook and how to protect your Facebook and PayPal accounts in the future.

Who is the target of the deceptive Facebook scam?

Schemers do not pay attention to nationality, race, age, or anything else really; at least, not in this case. All they care about is whether the account can be hacked. This is the first hurdle that schemers must jump over. If schemers are planning on using someone else’s PayPal account, that is the first thing they handle. Whether or not your own account is hackable depends on several things. Is your login password easy to guess? Do you use a common combination? Do you use the same password to lock accounts on multiple platforms? Although most users online are aware of strong password requirements (random, long, combines lower-case letters/upper-case letters/numbers/symbols/special characters), not all of them take the time to change every single password that they own. This is exactly why password managers are so great. Cyclonis Password Manager, for example, can identify weak passwords, alert you about weaknesses, help you make changes with the help of a password generator, and also encrypt all combinations to ensure full security. If you are interested in trying out a tool like that, use our free 30-day trial.

Of course, even if schemers can obtain breached passwords – for example, they could be leaked and sold after a data breach – or brute-force/guess them, they might still be unable to gain access to your accounts. That depends on what other security measures you employ. Do you have 2-factor authentication set up? If you do, note that cybercriminals can find ways to circumvent it. Have you set up secret questions whose answers should grant you access to the account? The secret answers could be obvious or easy to figure out. For example, if it is your pet’s name, it could be found on social networking platforms if you share that kind of information publicly. Schemers could also forgo the hijacking of vulnerable PayPal accounts and use their own accounts to scam Facebook users.

Facebook accounts can be hijacked in the same ways. If your login combination can be guessed, if you reuse passwords on multiple accounts, or if you have not updated the password in years – during which data breaches have occurred – you are at risk. Do you receive email or SMS verification codes when logging in from a new device? Cybercriminals could intercept those. Of course, you should set up 2-factor authentication and also go through the available Facebook security settings to ensure that your accounts are as strong as they can be. After all, you do not want your accounts hijacked and then used to scam your family and friends, do you? That being said, you cannot control how your friends take care of their accounts.

How to recognize the PayPal scam: 3 signs of a scam message on Facebook

First and foremost, you have to pay attention to the logic behind the message. Are you being asked to transfer money to the account of someone you barely know? Did your friend suddenly stop responding to your messages, and then a request to transfer money appeared randomly? Is it your boss or your employee who is making the request? If the message does not make sense, you should immediately realize that something is not right. Another important thing to note is the tone of the message. Is your “friend” using a vocabulary that is out of the ordinary? Is your “friend” addressing you in a strange way? Perhaps they are asking to transfer money in a currency that does not make sense? If you know the person who is asking for the said favor well, you should be able to pick up on a different tone.

Can you call your friend on Facebook? If your call is dropped or unanswered, it is most likely that a schemer is trying to hide their identity (voice or face on video call). Even if you are 99% sure that it is your actual friend who needs the favor, you need to call them to confirm that they are the ones who are asking for a money transfer. If you ignore the signs of a scam message on Facebook, accept money into your PayPal account, and finally send money to the attackers’ bank account, they can then perform a Chargeback on PayPal. The money is charged from the victim’s funds or the connected bank account. The victim ends up losing money, and the schemer ends up taking it. Needless to say, schemers have to put in the work for this devious Facebook-PayPal scam to work, but if they succeed, the reward can be huge. After all, we now know that the scam is making millions of dollars for schemers every year.

In conclusion…

You have to be mindful about how you handle your PayPal and Facebook account security. If you do not set up strong passwords, if you do not use additional security features provided by these services, and if you are not quick to protect yourself after data breaches, you could become the target of the devious Facebook-PayPal scam. Hopefully, you still have time to protect yourself, and you will remember the signs of a scam message on Facebook in the future. At the end of the day, if you want to protect yourself against Facebook scams and PayPal scams, you need to start with the protection of your accounts first.

By Foley
May 18, 2020
