Who’s Behind Your Phony Facebook ‘Friends’

Image: Markus Spiske, Unsplash.com.
More than a quarter of all internet traffic is driven by bad bots, software applications running automated tasks which can pretend to be Facebook friends in order to harvest information and other malicious activities. In 2019, 21.1-percent of country blocks were Russia, followed closely by China at 19-percent. The United States, the “bad bot superpower” accounts for 45.9-percent of all attacks.

Robert Moore

Herald Staff

[email protected]

The next time you receive a friend request on Facebook, you might want to check carefully before you approve it. The person making the request might just be a scammer.

The Better Business Bureau recently reported a consumer was contacted by an old friend on Facebook, claiming they had won $150,000 from Facebook founder Mark Zuckerberg. They were asked to pay $1,000 upfront as security. This reporter was recently spammed about a potential huge settlement from Social Security from a new Facebook friend. In both cases, scammers were hiding behind cloned accounts—accounts with copied profile photos designed to trick users into giving up information and money.

Scammers don’t just pretend to be Facebook friends. Some scammers have even claimed to be the Better Business Bureau, posting fake job openings on LinkedIn. The BBB has also received reports of spoof websites and ads that mirror legitimate companies. Victims report clicking on social media ads to purchase products from well-known companies such as Hanes or Little Tikes, and never receive the products they paid for because the websites were not legitimate. The BBB recommends visiting the company’s website directly instead of clicking on an ad. If the ad is legitimate, the coupon code will be available on the legitimate website.

Fake accounts have been a continuing problem on social media in general and on Facebook in particular. In 2019, the Harrodsburg Herald reported about scammers impersonating Burgin Police Chief Chad Baker and former Harrodsburg City Commissioner Scott Moseley. While Facebook claims to remove most cloned accounts within minutes of their creation, the sheer number of attempts means some bad actors are guaranteed to get through. In the last six months of 2020, Facebook claims to have removed 2.6 billion fake accounts, according to the platform’s 2020 Community Standards Enforcement Report. To put that number into perspective, the social media platform claims to have 2.8 billion total users.

Most of these fake users are bots, software applications running automated tasks, such as harvesting publicly available information to clone new social media accounts. Many bots avoid detection by cycling through random IP addresses, entering through anonymous proxies, changing their identities and mimicking human behavior. Using bots, a scammer running an operation so small it can be contained in a single thumb drive can generate millions of fake accounts. And while the response rate is generally low for cloned accounts asking for money, it’s still good enough to keep scammers in business. According to the 2020 Bad Bots Report—which is compiled by the cybersecurity firm Imperva—nearly a quarter of all online traffic is from bad bots, with nearly half the bot attacks originating here in the U.S.A.

Other scams reported in May by the BBB:

Fake utility cutoff notices. Scam callers claiming to represent utilities claim victims’ electricity will be shut off due to nonpayment unless they pay over the phone or via an online payment service.  Utility companies do not demand payment over the phone. Kentucky Utilities advises customers who have received a suspicious phone call, text, email or visit demanding payment to first check their account status before paying anything or providing additional information. You can check your account online at my.lge-ku.com or by calling 1-800-981-0600 and press 1-2-1 for billing and payment matters.

Anyone who may have fallen victim to a scam is asked to immediately report it to the local police department and then call KU.

Fake USPS text messages. According to the BBB, multiple consumers have complained about receiving fake text messages from the post office. The messages  usually reference a change to an upcoming delivery and direct the recipient to click on a link. This is likely a phishing scam to steal victims’ personal information.

Bank scams. According to the BBB, a consumer is out several thousand dollars after falling prey to a bank manager scam. The victim received emails and text messages from a scammer claiming to be a bank manager who would assist her in becoming a beneficiary of a trust. Similar to the infamous “Nigerian prince” email, this type of scam promises a large cash return to the victim in exchange for money upfront.

Mystery shopping scams. The BBB has received more reports from consumers of mystery shopper gift card scams. One victim received a check in the mail and instructions to purchase gift cards from CVS. She was instructed to send photos of the gift cards to the scammers. The check turned out to be fake.

Lottery scams. Sweepstakes scams are on the rise. One victim received a phone call from a scammer claiming she had won a large cash prize and a new truck. The only catch was that she had to pay taxes upfront.

Puppy and kitten scams. Victims have lost hundreds of dollars to attempting to buy purebred puppies. Scammers take the money but the buyers never receive their puppies, according to the BBB.

And it’s not just man’s best friend we have to worry about. There is a similar scam for kittens. According to the BBB, a victim purchased a kitten online from a breeder. But as soon as the money was sent, the breeder disappeared—something that’s easy to do if you only exist online—and the victim never received a kitten.

How to Avoid a Scam

Here are some tips from the Federal Trade Commission.

• Block unwanted calls and text messages.

• Don’t give your personal or financial information in response to a request that you didn’t expect. Legitimate organizations won’t call, email, or text to ask for your personal information, like your Social Security, bank account or credit card numbers.

• If you get an email or text message from a company you do business with and you think it’s real, it’s still best not to click on any links. Instead, contact them using a website you know is trustworthy. Or look up their phone number. Don’t call a number they gave you or the number from your caller ID.

• Resist the pressure to act immediately. Legitimate businesses will give you time to make a decision. Anyone who pressures you to pay or give them your personal information is a scammer.

• Know how scammers want you to pay. Never pay someone who insists you pay with a gift card or by using a money transfer service. Never deposit a check and send money back to someone.

• Stop and talk to someone you trust. Before you do anything else, tell someone—a friend, a family member, a neighbor—what happened. Talking about it could help you realize it’s a scam.

• Report Scams to the FTC. If you were scammed or think you saw a scam, report it to the FTC at reportfraud.ftc.gov.

For more great stories, check out this week’s issue of the Harrodsburg Herald. Click here to subscribe to the online version.

Leave a Comment