Skip to main content
News Article

Beware the new Facebook account takeover scam

Published 7 October 2016 by

These days, it's a rarity to find someone that doesn't have some sort of a social media profile. In fact, most people probably have a few different ones – whether that's on Facebook, Twitter or Instagram.

This is not something that's gone unnoticed by fraudsters. That's why they're using the largest social networking site Facebook to hack into people's accounts and contact their friends asking for payments via PayPal.

To help you know what to look out for, we're taking you through the details of this social media scam.

The details

ActionFraud has received several reports from victims who have had their Facebook accounts hacked into. Once they’re in the account, fraudsters go on to change their password and phone number.

They then set about messaging the victims' friends to ask them to receive payments through PayPal for a number of different reasons. The fraudsters ask for the mobile number of the victim so they can communicate through messaging service WhatsApp – and this is not the first time WhatsApp has been used in a scam.

By doing this, the fraudsters try to convince the victim to receive funds into their own PayPal account and transfer them into a bank account owned by the scammer. They then start a ‘chargeback’ through PayPal to get the money back they originally transferred to the victim’s account. A chargeback is when a buyer asks their credit card provider to reverse a transaction that's already cleared.

This will leave the PayPal account holder at a loss, as they've already sent the money to the scammer's bank account. The fraudsters will therefore receive double the amount they paid out.

An example of a message received by one victim on Facebook reads: "Hey I know it sounds random but do you have a PayPal account? I sold something on Ebay".

The victim replied to this and the fraudster stated: "Can I send you my bank details on WhatsApp I have changed my phone so send me your WhatsApp number and I will message you there".

Another victim transferred £3,800 into a fraudster's bank account, after receiving the money into her PayPal account.

Be alert

If you message your friends regularly on Facebook, you might not think anything of an old friend getting in touch out of the blue. But how do you really know who's behind the message? Protect yourself and your Facebook account by following these tips.

• Think twice about a suspicious message you receive from a friend on Facebook. If the message doesn't seem genuine, contact them by another route to make sure that it’s really them.

• Make sure you have a strong password in place. A strong password usually consists of a mixture of lower and upper case letters, alongside symbols and numbers. You should change your passwords regularly and never use the same password for multiple accounts.

• Think about enabling Login Approvals on your Facebook account. This is an extra layer of security that uses your phone to protect your account. Follow this guide on how to turn on login approvals.

• Has your Facebook account already been hacked? Then you can recover your hacked Facebook account with these guidelines.

You can report a fraud through Action Fraud and receive a police crime reference number using their online fraud reporting tool

Legal Information

×