Cybercriminals are coming up with ever-more inventive ways to con you out of your money. And this latest Facebook scam, uncovered by Cybernews, is more cunning than most.
The way it works is that the scammers buy hacked Facebook login details from the dark web. They sign into the account and send a message to the user’s friends.
The message asks if the friend is willing to receive money in their PayPal account, withdraw it and then send it back via bank transfer.
This is what the conversation looks like:
And since it doesn’t cost them anything and they think they’re doing a favour for their friend, people are falling victim to the scam.
What is the Facebook PayPal scam?
So far there’s only deception. But the trick ultimately costs the victim money.
That’s because the scammer does a Chargeback on PayPal once they have the money they sent to the victim back in their bank account.
A Chargeback is where the PayPal transaction is reversed, so the sum they originally paid into the victim’s account (now withdrawn and paid back to the scammer via bank transfer) is given back to the scammer by PayPal.
That money is taken from the victim’s PayPal balance, or from their bank account if there are insufficient funds to cover it in their PayPal account.
It’s complicated, but the illustration below helps to make it a bit clearer.
Often, the criminals will use stolen PayPal account details to send these payments and request Chargebacks, meaning there can be multiple victims.
How to avoid being scammed on PayPal
One of the reasons Facebook and PayPal account logins are even available on the dark web is that users tend to use the same password for multiple websites and services. When other sites get hacked, the logins are used to attempt to access dozens of websites, including Facebook and PayPal.
So, to protect yourself, use unique passwords for each online account. If that sounds too difficult, then use a password manager such as LastPass to remember all the logins – you only have to remember one password to log into the manager.
In this case, though, your own security habits may not be the problem. So if a Facebook friend asks to use your PayPal account in this way, call them and see if it’s really them asking you to do it.
PayPal’s Press Office said, “We advise customers to be wary if they receive unusual requests about their PayPal account, especially requests to move large amounts of money, even when the request appears to come from someone they know. Always question uninvited approaches in case it’s a scam, and check directly with the person concerned to verify the request. And never accept or move money on behalf of someone else.”
There are lots of Facebook scams to avoid, but by using your common sense, running good security software and not re-using passwords across lots of websites, you stand a much better chance of keeping your money and your personal data safe.