Seven Habits of Highly Effective Facebook Scammers

This article was originally published to the Grand Geek Gathering on July 28th, 2021.

If you’re still on Facebook in 2021 then you probably know precisely the kind of place it is.  The kind of place Obi-Wan might describe as, “wretched hive of scum and villainy.”

Of course, most people think of Facebook’s wretchedness as being a natural consequence of individual people’s ignorance. But there’s more to Facebook’s wretchedness than just that.  In fact, there are plenty of people who deliberately and maliciously use the Facebook platform to gain a quick buck.  They do so at the expense of others without remorse.

And the ever-growing presence of Facebook groups and overlapping social circles has allowed scammers to flourish, especially since the Covid-19 pandemic has pushed fandoms, conventions, and other social circles into cyberspace.

Today, let’s explore some of the most common scammers on Facebook, how to avoid them, and how to protect yourselves and your loved ones from them.

 

T-SHIRT SCAMMERS

WHAT IT LOOKS LIKE:

Actual attempted scam from a group I moderate on Facebook!

HOW IT WORKS:

Since most Facebook groups don’t allow selling, t-shirt scammers will join the group with a “dummy” account (usually, the profile picture is either a generic picture, like a sunflower or a sunset, or of a pretty girl), and then drop a picture of a t-shirt with a caption such as, “Do you like this t-shirt?  Say ‘yes’ if you want one!”  There’s no link to buy the shirt; the scammer will wait for people to indicate interest, then DM them and link them to a storefront or directly to a paysite to collect money.

Another technique is for someone to post "their" shirt, claiming it's their new favorite, and then using a second account to ask where to buy it, and then using that question to drop a link to a sketchy site in the comments.

Aside from being spammy and annoying, the t-shirt usually doesn’t exist at all; t-shirt product mock-ups can be created digitally using sites like RedBubble or Zazzle without ever creating the actual product.  T-shirt scammers will use the digital “proof of concept” to hawk their t-shirt, but the purpose of the scam is to steal your money and/or credit card information, not to sell you a t-shirt.

WHAT TO LOOK FOR:

• Any profile that uploads generic pictures of t-shirts that look like stock photos.  Pictures of beautiful people with their faces cropped out, showing off merchandise that’s likely photoshopped.
• Generic t-shirts that show a movie poster or logo; unlicensed merchandise; fan art on a t-shirt that isn’t from the artist themselves.
• Comments that encourage people to like, say “yes,” or indicate interest for the product.
• Comments that are over-enthusiastic about buying the product ("Where can I buy this treasure?" was an actual question I saw once) and help encourage others to click the link by saying things like, "I just bought mine!"
  
• New accounts (to Facebook) or recently joined accounts with no other interaction with a group aside from a picture of a t-shirt.
• If a link is provided, watch out for GearLaunch!  Don’t ever buy a product from a site you’ve never heard of.
  

 

FAKE STOREFRONTS

WHAT IT LOOKS LIKE:

HOW IT WORKS:

Anyone can create a Facebook page and advertise it; it takes less than five minutes and sometimes as little as five dollars to create a paid-advertisement storefront of Facebook.

The most notorious is The Valar Store, but it’s by no means the only one.  There’s whole groups dedicated to Facebook fake storefronts.  Because they appear on your feed as legitimate, targeted ads, you’re very likely to be exposed to one.

WHAT TO LOOK FOR:

• Literally Google “[name of store or website] scam” and see what comes up.  There are sites that specialize in checking if a storefront is legit or not, like TrustPilot.com.
• How old is the website?  Beware any site that was put up recently.  Online stores can be constructed and then dismantled within hours.
• “Too good to be true” pricing.  If you see a real, movie-quality, leather Deadpool costume advertised for $15 (marked down from $189!) then it’s almost definitely fake.  The most common items to have outrageously low prices are wearables: cosplay outfits, period outfits, elaborate costume items.
• Unlicensed merchandise and stolen art.  If you see a store advertising something similar to something you’ve seen on Etsy at a fraction of the cost, it’s probably fake.  The better the product and better the price, the more likely it is to be fake.  Run a reverse-image search on products to see if they pop up elsewhere.  Fake storefronts often lift product pictures directly from Etsy.
• Any site that has constant pop-ups saying “Amy from Minnesota just bought [product]!” is one to be wary of… the sales are fake and designed to make the item appear like it might sell out.  Beware of any fake scarcity marketing tactic, including “limited time” to buy or claims that there are “only 50 left!”

 

ROMANCE SCAMMERS

WHAT IT LOOKS LIKE:

HOW IT WORKS:

The romance con is a tale as old as time.  A random person befriends you and begins chatting.  They are flattering, complimentary, polite, and kind.  They take an interest in you.  A romance blossoms.  They decide they want to visit (or arrange for you to visit them).  They ask for money.  And after you’ve shelled out thousands to meet your “soulmate,” they disappear.

WHAT TO LOOK FOR:

• Most people aren’t lonely or dumb enough to fall for romance scammers, but beware the “mutual friend” technique!  Scammers on Facebook will sometimes friend you to “build up” their own profiles. They will friend mutuals (i.e., “friends of friends”) and end up with a “friend group” that looks legit, then message older people who don’t seem familiar with Facebook. And because the scammer’s friend list includes 20 “mutual friends,” it makes them seem legit, and Grandma is more likely to “invest” with the person who is “friends” with her grandson and his friends, thinking it’s a real person. The more friends a person has on Facebook, the more “access” they get to other people, and the more credible their profile appears.
• If you think you don’t know someone on Facebook, you probably don’t!
• Even if a scammer isn’t scamming you directly, the friend requests are absolutely aiding them by giving them access to more people and by “building up” their Facebook presence.  If you ever get a message from a person you don’t know, especially one that calls you “dear” and compliments your appearance a lot, REPORT that profile straight to Facebook.  It’s a scammer and they’re testing the waters to see if you’re a good mark.
• Often, romance scammers will have a (fake) military backstory.  This allows them to claim they are overseas on “deployment” and to tug on the heartstrings of elder patriots.  Another common backstory involves being a traveling doctor (i.e., Doctors Without Borders), or a missionary.
• Romance scammers overwhelmingly target older folks with low Facebook literacy, particularly single women, so make sure to talk to your grandmas/aunties/godmothers to make sure they aren’t getting targeted!

 

IMPOSTERS

WHAT IT LOOKS LIKE:

Source: https://www.boredpanda.com/crazy-scam-messages/

HOW IT WORKS:

Similar to romance scammers, imposter scammers will copy profiles of people on Facebook and then send out friend requests to their friends, creating confusion about who is the “real” one.

WHAT TO LOOK FOR:

• Did you get a friend request from someone you already thought was your friend?  Go check their older or “main” profile and see.  If you’re already friends with someone, be wary.
• Did your friend indicate they were making a new profile recently, or does this seem completely out of the blue?  Message your friend (on their old profile, or better yet, via their cell phone) to confirm it’s them.
• Don’t believe your friend if they message you out of the blue to tell you that they’re “stranded” somewhere and need you to send them money.  Duh.

 

LINK DROPPERS

WHAT IT LOOKS LIKE:

Source: https://www.boredpanda.com/crazy-scam-messages/

HOW IT WORKS:

If you ever get a DM on Facebook from a friend who you don’t talk to much, and it contains a link with a vague, non-contextual message like “Is this you?” DON’T CLICK IT!

WHAT TO LOOK FOR:

• This should go without saying, but the “Is this you?” method is remarkably effective (which is why scammers use it).  Another common one is a link-drop combined with a “Thought of you!”  People are naturally curious about themselves, so link-droppers usually make the link into something seemingly personal.
• The simplest way to check if this is a scammer is to literally ask what the link contains.
• Another method to get you to click a link, especially if you’re a group admin, is to send a message claiming that the group “illegally” used material that violates a copyright, and asks you to click a link to view the copyright claim.  That’s bullshit.  If there’s a legit claim, then the material will be removed by Facebook itself.
• Note that there are scammers and bots that can hack into your account and use it to link-drop on your friends!  If your friends ask you if you sent them a link and you didn’t, MESSAGE EVERYONE to alert them to the scam and to tell them NOT to click on the link.  Speaking of which…

 

MEME PHISHERS

WHAT IT LOOKS LIKE:

HOW IT WORKS:

Have you ever seen the meme claiming that your “porn name” is your pet’s name and the street you grew up on?  How about the one that says your “pirate name” is your favorite color and your high school mascot?  How about the one that says your “superstar name” is your mother’s maiden name and the three digits on the back of your credit card?

The amazing thing about this scam is that most people who post the meme asking you to drop your “porn name” are doing so innocently.  Your weird aunt on Facebook, your local “shock jock” radio station, a mom-and-pop pizzeria… they’re innocently asking because they think it’s cute and harmless.  But trust me when I say that, for publicly posted memes, trolls trawl through the comments to search for clues to steal passwords and identities.  Because of Facebook’s algorithms, if one of your friends comments on a public page (that you aren’t following), you will still see that post, encouraging YOU to comment.  The more people in a friend “circle” who engage with a post (either directly, or by responding to a friend’s comment), the more circulation the meme gets.

WHAT TO LOOK FOR:

• If you see friends or family members (ESPECIALLY older, less internet-literate folks) commenting on these types of memes, DM them and let them know your concerns.  Remember, commenting or engaging with the post will INCREASE its visibility.
• Make your answers to password recovery questions intuitive.  If your password recovery question is, “What was your first car?” Answer with your mother’s maiden name.  If your password recovery question is, “What was the name of your first pet?” Answer with the city you met your spouse in.  Since this field is fill-in-the-blank, you can answer with anything; this grants you another layer of protection against those who would try to steal your password.

 

MLM HUNS

WHAT IT LOOKS LIKE:

Courtesy of Redditor /u/MikFizzle_

HOW IT WORKS:

“Hey, hun!”  If your blood just turned to ice in your veins, then you probably already have gotten one of these massages.

MLM (or multi-level marketing) companies have absolutely saturated the sphere of social media, and they are ridiculously dangerous.  Preying on insecurity (both physical and financial), and relying on social networks, MLMs are glorified pyramid schemes that promise a quick, easy, online buck.  They sell a product (cosmetics, weight loss products, essential oils) but the real thin they’re looking for isn’t customers… it’s downlines.  MLMs will try to get you to “sign up” for their company, often with the promise of earning money or getting discounts on products.  The reality?  MLM companies make a lot of money from their “entrepreneurs” and 99% of people who sign up for MLMs end up losing money instead of earning it.

WHAT TO LOOK OUT FOR:

• “Love bombing.”  (And its counterpart, guilting.)  Similar to how cults operate, a lot of MLMs will aggressively flatter and compliment new members.  If a friend online seems to suddenly have an instant new best friend (who they are also “in business” with, either as a “coach” or “mentor”), beware.  They’re being used.  In addition to love-bombing new recruits to MLMs, MLM schemes will try to isolate their new marks by claiming that anyone who isn’t love-bombing them is not being “supportive.”  MLMs will guilt people for not “supporting” the “independent business” of their marks.  As a general rule of thumb, if you see a “business” acting the way a cult would, be wary.
• “Parties.”  Pampered Chef and Paparazzi jewelry are two of the most notorious for having online “parties” shilling their products.  Ditto “giveaways.”  These online parties are basically glorified timeshare presentations, but because they’re given by your friends or your family, it’s much harder to say “no” when pressured to buy.  The best thing you can do is to avoid any “party” that includes an ability to buy a product; the party is probably not much more than a front for selling said product.
• Any “job” that requires you to “buy in” to be a part of it isn’t a real job.  MLMs claim to be “businesses,” but the distributors are the customers, not employees, and 99% of them lose money when they join the MLMs.
• Educate yourself on which “businesses” are MLMs by checking out the Anti-MLM subreddit.
• Don’t buy MLM products!  If your friend joins an MLM, buying a product only prolongs the length of time they will stay involved, and the longer they stay with the MLM, the more money they will lose.

 

IN SUMMARY

What do all these scams have in common, and what can be learned from their tactics?

Here are a few broad rules for staying safe on social media as it continues to evolve:

• Don’t buy products online from people or businesses you’ve never heard of.  To purchase from small business owners, the most reliable sites are Society6, Etsy, Pixiv, Patreon, Zazzle, and RedBubble.  If you don’t know a platform, exercise caution.
• Make purchases online using Paypal.  If a store turns out to be a scam, you can dispute the transaction through Paypal.  Never use an unfamiliar, third-party buying platform… especially GearLaunch!
• Don’t make your passwords, or, more importantly, your password questions, intuitive or easily guessable.  Computer-generated, randomized passwords are currently the safest passwords available; likewise, random answers to questions are far better than any information that can be looked up on social media.
• Have a way to verify information.  If someone sends you a link over Facebook, ask them what the link is before you click it.  If someone asks you to wire them money for an emergency, call them on the phone (or better yet, FaceTime them) to ensure it’s really them.  If you REALLY want to get creative, have a “password” to weed out doppelgangers from your real-life friends.  This also comes in handy in case there’s ever a “I don’t know which clone to shoot” scenario on a rooftop or the side of a cliff.  (I absolutely have secret “safe words” with my close friends to make sure no clone will ever be able to steal my identity.)  (Protip: having a bellybutton is also a very good method to avoid being mistaken for a clone.)
• Delay your purchases.  A lot of scammers rely on impulse purchasers to click and buy without thinking.  It’s easy to make a purchase and forget about it while you’re in your third or fourth hour of “doom scrolling.”  Pressure tactics are common.  If you’re on the fence, delay a purchase by 24 or 48 hours and then see how you feel.  Don’t fall for “flash sales” or super-special-blink-and-you’ll-miss-it deals.  Legit storefronts will run those deals again; stores that claim it’s a once-in-a-lifetime opportunity to get some outrageous discount are conning you by capitalizing on your FOMO.
• If a price seems too good to be true, it probably is.
• Copy-paste is your friend.  See an amazing item you just HAVE to have from a store you’ve never heard of?  Copy the image link and run it through a reverse-image search on images.google.com to check if it was lifted from Etsy.  Did your uncle just send you, via DM, a lengthy message that seems a little off?  Run it through Google and see if it’s a scammer script; his account might have been hacked, or duplicated.  Note that most MLM sellers follow scripts, as well, and those scripts are well-documented.  Be prepared to call MLMers out on their scripts.  Speaking of which…
• Just say “no.”  If there’s anything all of these scams have in common, it’s that they manipulate YOU into providing something.  YOU are the one who has to click the link because you’re wondering if it’s really you in the video.  YOU are the one who has to say yes, you want to buy the shirt.  YOU are the one who has to respond and provide information to the scammer.  At the end of the day, the single best protection against online scammers is the simple power of “no.”  No, you won’t click the link.  No, you won’t provide information.  No, you won’t even explain why not.  You are simply opting out.  Full stop.  Scammers put a lot of social engineering into their craft, but ultimately it still relies on their mark to participate.  Before you get on social media, put yourself into the mindset that you do not need to take the bait, and that the power of “no” is more powerful than any scam Facebook can throw out at you.

“Fool me once, shame on you. Fool me twice, shame on me.”