Oh, No Oh, No Damielle's Pics Damielle's Pics

Facebook Scams, Hoaxes, and Malware

facebook by Rich Pasco

Quick Links


The social networking site Facebook is large enough to have attracted more than its share of scams, hoaxes, and malware. The same cautions should apply when using Facebook as when reading regular e-mail or outside web sites:

  • Don't believe everything you read.
  • Don't share or re-post something just because it tells you to!
  • Don't trust everything that seems to come from a friend. Your friend may be misinformed, or it may have come from an imposter stealing his identity.
That much said, there are some Facebook-specific scams worthy of special note:

Don't accept “Friend” requests from strangers

Remember your parents telling you not to accept candy from strangers? Facebook “Friend” requests are much like that candy. Remember, on the Internet, nothing is as it seems. That lonely, sexy young woman might just be a devious hacker hell-bent on identity theft or taking over your computer. Photos of lovely models are freely available online, so pictures do not necessarily represent the person behind the Facebook profile. A true friend is someone you know well enough to trust. Simply declaring someone a “Friend” on a social network does not make them one.

If you get a Friend request from someone you don't know, do not accept it right away. You might reply (with a private message) and politely ask that person how they know you. Don't accept it just because they have mutual friends of yours, because it may be that your friends fell for the scam, too. You might message your friends and ask them how they know that person. If they don't know him either, then send them a link to this page.

One reason it is dangerous is that once the person is your “Friend,” he has access to all the information you have posted just for your friends. It is even easier for him to create a duplicate profile and then befriend all your friends, and so on. See “The Duplicate Profile” below. Another is that you might trust them and then fall victim to one of the hacks to take over your computer (see my article “Every Trick in the Book.”

Another scenario: You didn't know it, but that beautiful, lonely 26-year-old woman who sent you a friend request last week is really a 45-year-old male burglar. And by posting your vacation pictures as you travel, you've just told him that your home is available for his picking.

An example phony profile: “Samantha Sarah Misty”

Here are some “red flags” which cause me to doubt the validity of this profile:

  1. Mismatch between name in URL and profile name
  2. Lives far away, suggesting that we aren't real friends
  3. Profile picture updated very recently (within hours)
  4. Has no common Friends (or no Friends at all).
  5. Speaks multiple languages (few real people speak six languages, but a large boiler-room operation could easily have enough agents to cover all six).

Phony Profile

I reported the above profile according to my directions “How to Report a Fake Profile (not impersonating anyone you know)” and look what happened:


Another phony profile: “Comfort Mylla”

I got a Friend request from “Comfort Mylla” on Thursday, January 28, 2016. It was a new account with no history before the profile picture update notice below (see the “his” in it), and only a few friends, all older men.

Comfort Mylla 1

I put the photo into Google Images and found the net awash with that same picture attached to phony profiles at various dating sites. So naturally I declined the request. In fact, I never accept Friend requests from people I don't already know.

Comfort Mylla 2

I sent “Comfort” a private message explaining that I only accept Friend requests from people I already know. In an attempt to convince me of her sincerity, “she” sent me a few more pictures, which matched other shots of “Danielle” from the Danielle FTV site at the first link above. When I asked about that, she said she used to be a model under the assumed name Danielle, but returned to Ghana to care for her ailing mum. Sure, right.

So I reported the profile as per the instructions under “How to Report a phony profile” below. Here is the result:

Comfort Mylla 3

Another phony profile: “Mary Cusack”

When I opened my Facebook account on Friday, January 6, 2017, I had a Friend request from a beautiful, sexy twenty-something young woman with a brand-new Facebook account and absolutely no other Facebook friends. Eager to learn more about her, I right-clicked on her profile photo and chose “Copy Image Location.” Then I went to Google Images, opened their “search by image” feature, pasted the link and found several articles about “The ‘Yahoo Boys’ in Nigeria.” So I pulled down the menu on my new friend's profile and chose “report this profile” and “this is a fake account.” Facebook took it down promptly.

Mary Cusack

Mary Cusack Reviewed

How to Report a Fake Profile (not impersonating anyone you know)

Note: The instructions in this section are for reporting a completely fake profile not impersonating anyone you know. The process to report a phony profile pretending to be someone you know is similar but slightly different. See “How to Report a Duplicate Profile” below.

Another fake profile bites the dust! On Thursday, April 12, 2018 I got a Friend request from an obviously fake profile: Cover photo created two hours ago by an attractive young woman with no friends, who inhabits places I seldom visit. I wasn't content to just decline the request (and let “her” continue to bug other people), I wanted the fake profile gone from Facebook. The screen shots below show how I accomplished that.

  1. First, visit the phony profile (without accepting the Friend request). To do this, first click on the two-faces icon in the top bar to bring up your list of Friend Requests.

  2. Next, click on the highlighted name in your Friend Requests list (neither the “Confirm” nor the “Delete” button).
    Friend Requests
  3. Pull down the menu next to the word “Message” to the right of the profile name.) and click “Give feedback or report this profile”
    Give feedback or report this profile

  4. Next, click on “Fake Account” and click “Send”.
    Give feedback on this profile

  5. On the screen which popped up, I clicked “Report this profile” and then “Continue”
    Thanks for your feedback

  6. Epilogue: Buoyed by the positive result of my reporting this obviously fake profile—Facebook removed it—I have subsequently reported a number of equally obviously fake profiles, but unfortunately in most cases Facebook has allowed it to stand because it doesn't violate their “Community Standards.” To me this says that they condone lying as long as you don't use dirty words or post sexy pictures. I say, keep reporting them but be prepared for this:
    doesn't violate

For More Information about Friend Requests from Strangers

The Duplicate Profile

Hackers copy your name and your profile picture and create a new Facebook account. They send Friend requests to all of your Friends. Your friends think it is you, so they accept. From then on, the hackers can say and post whatever they want under your name.

Hacked vs. Cloned (or Spoofed)

Please carefully distinguish between two terms:

  • “Hacked” means that someone logged into your account (and possibly modified its content or otherwise acted on your behalf). An appropriate response is to change your password.
  • “Cloned” or “Spoofed” means that someone copied its publicly visible features (profile and cover photos, intro, biography and birthday) to create a phony account in your name. An appropriate response is to (1) report the phony account to Facebook management so they can take it down and (2) hide your list of friends from public view.
Too often, I read well-meaning friends of someone whose account was cloned telling the victim that their account was “hacked” and to change his password. Not only is this technically misleading, to change one's password is both unnecessary and ineffective in this situation.. It is unnecessary because there is no evidence that the original account was logged into or modified in any way—only published data was accessed. It is ineffective because changing one's password neither removes the phony profile nor stops the impostor from continuing to send Friend requests to the victim's Friends.

Confusion between hacked and cloned profiles resulted in an e-mail virus claiming that hackers could post insulting messages ostensibly from you on your friend's “wall” (status timeline). As this article explains, any such messages may appear when your friends accept clones of your profile.

Was your account Hacked?

As noted above, “Hacked” means that someone logged into your account without your permission. A good way to tell whether your account was hacked is to review Facebook's list of places and devices from which your account was accessed, here. If you see a place or device other than your own, you should change your Facebook password immediately!

Defenses against being Cloned

Configure your account so that your posts by default are visible only to your Friends, not to the general public. Your public profile should list only what is necessary for someone to recognize you.

Keep your Friends list non-public (so it is not publicly visible). While this won't stop a hacker from cloning your profile, it will reduce his motivation to do so, because then if he does, he can't send Friend requests to all your real Friends. How to do this is explained below.

If you have a Facebook account, use it! Post frequent status updates (with photos if possible) for your Friends' eyes, about what you're doing in your life. That way they will know they are your Friend and be less likely to accept a second Friend request. It will also make it easier to distinguish the real you from your clone (the hacker would have to copy your updates one by one, which would introduce a delay.)

Periodically enter your name into the search box at the top of the Facebook screen. If you see a second profile with your name and profile picture, open it and report it as a fraud to the Facebook authorities.

Sadly, sometimes hackers will Block the account of the person whose identity the are stealing. (In Facebook, if you “block” a profile, you don't exist as far as that person is concerned. But the rest of the world can still see you.) In this case, you may have some success asking a friend to follow the above procedure on the duplicate account, except choosing “pretending to be someone I know” in the last step.

If you get a Friend request from someone you thought was already your friend, do not just Accept it. Instead, contact them (by a trusted means, not via the fake profile!) and ask about the duplicate. If they did not intend to create it, they should report it as above.

How to Report a Duplicate Profile (impersonating someone you know)

Note: The instructions in this section are for reporting a phony profile pretending to be someone you know. The process to report a completely fake profile not impersonating anyone is similar but slightly different. See “How to Report a Fake Profile” above.

Note 1: Access Facebook via a web browser. I don't know how to report a phony profile from a cell phone's Facebook “app.” In fact, I don't think you can.

Note 2: These instructions assume the imposter has a full Facebook profile. Recently, some imposters have been creating Messenger-only accounts, without an associated Facebook profile. For these, see Messenger-Only Accounts below.

  1. First, visit the phony profile. If you got a Friend request from a phony profile, you can visit it without accepting the Friend request by clicking on the highlighted name in your Friend Requests list (neither the “Confirm” nor “Delete” button).
    Friend Requests

  2. Pull down the menu next to the word “Message” to the right of the profile name.) and click “Give feedback or report this profile”
    Give feedback or report this profile

  3. Click “Pretending to Be Someone” and “A Friend” and then click “Send”
    Give feedback on this profile

  4. Start typing your Friend's name. When you see it on the list, click the circle next to it. When the dot appears, click “Next”
    Which Friend?

  5. Read the acknowledgment and then click “Done”
    Thanks for your feedback.

Keep your Friends list non-public

It is a good idea to keep your list of Friends hidden from public view, for at least two reasons:

  • To make it harder for a hacker who creates a phony clone of your profile to send Friend Requests (or Messenger Messages) to all of your real Friends (see “The Duplicate Profile” above).
  • To make it harder for spammers to put your name on the “From:” of email spam to your friends, or your friends' names on email spam to you.

To do this on a web browser:

  1. Go to your home profile page (by clicking on your name in the blue bar at the very top of your screen).
    Home Page
  2. In the bar under your name and profile picture, click on Friends.
  3. On your Friends page, click on the pencil icon at the right of its heading.
  4. On the pop-up menu, click on “Edit Privacy.”
  5. On the Edit Privacy dialog, pull down the menu next to “Who can see your friend list?” and click on “Friends”. Then click on “Done” to close the dialog and save your choice.
    Edit Privacy

To do this on smart phone:

  1. Go to your home profile page. There, tap on “More”.
    Home Page

  2. On the pop-up menu, tap on “View Privacy Shortcuts”.
    More Settings

  3. On the “Privacy Shortcuts” page, tap on “See more privacy settings”.
    Privacy Shortcuts

  4. On the “Privacy Settings” page, look under “Who can see your friends list?” If it says “Everyone” then tap on it.
    Privacy Settings

  5. On the “Friends List” page, tap on “Friends.”
    Friends List

Update March 19, 2018: Caution: The above steps are worthless if you explicitly grant a third party permission to access your Friends list. Today's news brings reports of a scandal where a voter harvesting scheme involved a personality quiz application which opened with a question like, “This app needs to access your Friends list, OK?” Many users clicked OK without understanding the implications of this action.

Update October 7, 2018: To make matters worse, a viral chain letter began circulating recently. It begins by stating “I actually got another friend request from you...” (which is not true) and then concludes with instructions to forward it. So getting it does not really mean that you were cloned; all it means is that the person who sent it to you obediently followed the “forward” instructions without even understanding what it claims. The insidious thing about this hoax is that awareness of it may lead people to dismiss all reports of account cloning, and so ignore genuine ones, just like false fire alarms may cause people to ignore real ones.

Chain Letter

As I see it, the biggest problem with the viral hoax message is that people who know that it is false may then dismiss genuine reports of cloned accounts, mistakenly thinking that all such reports are part of the hoax..

Frequently Asked Questions (FAQ) about cloned profiles


How can I prevent my profile from being cloned?


You can't prevent anyone from copying the publicly visible parts of your profile. But you can certainly discourage it by hiding your friends list from public view. That reduces the incentive because anyone who did clone it would not know to whom to send Friend requests,


I followed your instructions to hide my Friends list from public view. So am why am I still getting Friend requests from impostors impersonating my Friends?


You've got it the wrong way around. Hiding your Friends list will discourage hackers from cloning your profile (because they won't know to whom to send their Friend requests). Unfortunately if your Friends have not hidden their Friends list (on which you appear), then the hackers will still clone their profile and send their Friend requests to you. In short, hiding your friends list will discourage hackers from cloning you, but will not prevent you from receiving Friend requests from clones of your friends.


My life is an open book; I have nothing to hide. What's the harm in leaving my Friends list be Public?


While you may have nothing to hide, leaving your Friends list Public virtually invites scammers to clone your profile and send Friend requests to all your Friends. See the next question for why this is bad....


Why should I care if a hacker cloned my profile? What are the consequences of just letting it be?


While you may know that the clone is phony, your friends may not. If your real friends accept the impostor, then he can see information they had posted for their friends' eyes only:

  • The impostor could communicate with your Friends and, building on their trust of you, suggest investments, charities, or causes to support. They could fall for a scam by thinking the impostor's advice was coming from you, their trusted friend.
  • Or maybe your Friend had posted about going on vacation, for just his Friends to read. The impostor, seeing this, could send his friend the burglar to your Friends's house which now knows it is vacant.

But what if I already did accept a Friend request from a hacker pretending to be my friend?


unfriendYou should un-Friend the phony account ASAP. To do so, visit the phony profiles, and near the top, click on little triangle next to the word “Friends” and choose “Un-friend” from the pop-up menu.


How can I find out whether my profile was cloned?


Unfortunately there is no sure-fire way to tell. The best way seems to be to enter your name (as shown on your profile) into the search box at the top of your Facebook screen. You may find harmless unrelated namesakes (especially if you have a common name like “Bill Jones”), but you need to be concerned if you see any profiles other than yours with a copy of your profile photo. This might not work is if the impostor blocked you. Sometimes (but not often) impostors block their victims so as to evade detection.


My profile was cloned. Do I need to change my password?


While it is a good idea to change your password from time to time, there is nothing about simply being cloned to suggest that your account was compromised. Most likely the hacker created a new profile based on your public information (including public images).


My profile was cloned. Should I close my Facebook account?


Absolutely not! Not only is there no evidence that your account was compromised, closing it would not stop the hacker from continuing to impersonate you. It would allow him free reign over your identity while removing your only weapon to fight him.


My profile was cloned, but I can no longer see the phony. Does that mean it was taken down?

A. It actually could mean any of three things:
  1. The phony profile was taken down.
  2. The hacker blocked you, his victim, so that you could not see the phony.
  3. Earlier, you yourself blocked the phony profile. In this case you need to unblock it in order to report it as above.

When dealing with cloned accounts, it is helpful to note (on a piece of scratch paper, or in a temporary file) the subtly different URLs (web addresses) of the genuine and phony accounts. For example, my genuine URL is

If there were a clone, it would have a different URL, usually with a number after it or in place of the name.

Editorial Commentary

by Rich Pasco
It is indeed unfortunate that Facebook's default setting (what new users get if they don't deliberately change it otherwise) is for your list of Friends to be visible to the entire world. I think that this is dangerous, because it encourages hackers to publish impostor profiles and then send Friend requests to all the Friends of their victims. So I encourage everyone to change their settings to hide their list of Friends from public view. I really wish that Facebook would change their default for new accounts to make your Friends list visible to your Friends only, but of course nobody in charge there ever listens to me.

For More Information about Duplicate Profiles

Messenger-Only Accounts

The above instructions to report a duplicate profile assume the impostor has a full Facebook profile. Impostors have avoided being reported in this way by creating messenger-only accounts, which allow the user to use Facebook's Messenger function without a full Facebook profile behind it.

Example Messenger dialong with an impostor

On Tuesday, January 15, 2019, I received a message from an impostor pretending to be my friend Maggie Fassett. I knew immediately that it was an impostor because the Messenger screen said “Using Messenger without Facebook” (my real friend Maggie has a full Facebook account) and “Account was recently created” (my real friend Maggie has had her Facebook account for years). Also the URL was different (see “How to detect a phony Messenger account” below). Nevertheless I decided to play with the impostor for a while to see how he would answer some questions to which only my real friend would know the answers; in this case the medical conditon of her significant other John. Notice how he ignored my concern and returned to his canned pitch:

Dialog with Phony Maggie

How to detect a phony Messenger account

It is important to understand that the presence of a phony Messenger account does not mean that the original account was “hacked.” This would mean that someone logged into it without authorization, and that usually does not happen. More often, it was “spoofed” or “cloned” which means that an impostor copied the victim's publicly visible information (e.g. name and profile photo) to create a new phony Messenger account in the victim's name, and began sending messages to the victim's Friends (which was possible because unfortunately their list of Friends was exposed to public view). You can tell the original from the phony by looking at the URL in the address bar of your browser. For example, the two screen shots below show the URLs of my friend Maggie's real messenger account and that of an impostor. Notice that they are very different.

The real Maggie
The Real Maggie

The impostor
The Impostor

How to report a phony Messenger account

Recently, Facebook added the capability to report Messenger-only accounts as well. The illustrations below show how I reported a messenger-only impostor preteding to be my friend Maggie. First, you have to be in a Messenger dialog with the impostor to report him. Then:

  1. Click on “PRIVACY & SUPPORT” at the right side of a message from the phony.
  2. In the menu which appears, click “Something's Wrong”
    step 1-2
  3. On the next screen, click “Pretending to Be Someone”
    step 3
  4. Click “A Friend”
    step 4
  5. Click “Send Feedback”
    step 5
  6. On the “Which Friend?” screen, click the name of your real friend who is being impersonated
  7. Click “Next”.”
    steps 5-7
  8. On the next screen, view the confirmation (the other optional steps are usually unnecessary) and click “Done.”
    steps 7-9

Beware of Messages Bearing Videos

Hoax Video If you get a private message via Facebook's Messenger component, apparently from a friend, with what looks like link to a video, do not click on that link without first asking your friend what the link is about. It may be that your friend's account was compromised and the link is malicious. Or it may have come from an impostor who copied your friend's name and profile photo to create a phony clone account. The general rule is, never click on a link received in any unsolicited message, even if apparently from a friend, without a clear understanding of exactly what is at that link. Ask you friend what's there and why he sent it to you!

A good question to ask might be, “So how did the impostor originating this link know that the friend so linked and I are friends?” It may be because one or the other or both of you have your list of Friends open to public view. You might want to check yours, and invite your friend to do likewise. For more, see “Keep your Friends list non-public” above.

For More Information about Malware

The Phony Login Screen

One version of the phony video scam is an instance of the phony login screen scam. In this version, clicking on the link to the alleged video takes you to a phony login screen, carefully crafted to look just like the Facebook login screen. You may think, “Hey, wasn't I already logged in to Facebook?” If you wisely close it, knowing that you are already logged in, then you are safe. But if you fall for the scam and enter your credentials (username and password), you have just given them to the hacker, who then has complete control over your Facebook account. In the latter case you need to change your Facebook password ASAP.

So how can you know whether the Facebook login screen is genuine? As noted above one clue that it may be phony is that it comes up while you think you are already logged into Facebook. To tell for sure, check the URL in your browser's address bar. It is genuine only if it begins exactly as shown here, from the lock icon (green or gray is OK) and “https” through “facebook.com”:


Privacy Notice and Rescinding Terms and Conditions

A lot of people don't understand the difference between the terms “published” and “public domain.” The former simply means that an artist (or author) has posted his work where others can see it. The latter means that the artist has surrendered copyright ownership of his work. Simply publishing a work does not place it into the public domain. The artist retains copyright unless he specifically states that he is donating it to the public domain. The artist may, under his copyright, grant permission for others to copy his work provided they give due credit, but again, such permission does not put works into the public domain. One place this nuance is a frequently misunderstood is in Facebook's terms of service, which state that when you post anything on Facebook, you give them permission to distribute it. After all, that is why you post it! But merely posting something on Facebook does not place it into the public domain.

In November 2012 and again in January 2015 and January 2019, countless Facebook users began posting a notice to their profiles encouraging their friends to do the same, apparently rescinding the Terms and Conditions they agreed to by signing up for Facebook. This is a virus in that it tricks others into reproducing it, while being a worthless, misleading waste of time. Think about it:

  • You cannot unilaterally changed the Terms and Conditions to which you agreed by opening your Facebook account, certainly not by posting a few magic words to your status timeline.
  • In order to do its job, Facebook must disclose, copy and distribute the text and photos you post: that is the whole reason you upload them to Facebook in the first place. If you don't want to share them, then don't post them on Facebook.
Here are two variants of that hoax which I received during the first week of January, 2019:

everything you've posted
According to WALB

For More Information about the Privacy Notice Hoax

Graph App and Privacy

Since February 2013, there's another false “urban legend” going around on Facebook, claiming that their Graph App compromises user privacy. Read the truth by David Emery and on Snopes.

Quick! Share this photo before Facebook censors it!”


This is the photo that Facebook keep taking down and keeps disappearing from all pages including comments. See if we can keep it going. This woman had this tattoo to cover her mastectomy scars. I think it is beautiful and brave. What is so offensive Facebook?

Image from Bodies of Subversion: A Secret History of Women and Tattoo by Margot Mifflin, copyright © Powerhouse Books

A friend shared a beautiful photo showing the chest of a woman who has covered her mastectomy scars with beautiful tattoos. The caption says that Facebook keeps taking it down and urges you to share it immediately so as to “keep it going.”

The beautiful photo is real but the caption is another viral hoax which propagates by tricking its recipients into making copies of itself. Beautiful as the photo is, it is a shame that somebody has misused it as incentive to propagate this hoax.

Just a note to the technologically uninformed. If Facebook were to remove a photo, then every “share” of it would also immediately vanish too, and be replaced by a “Content Unavailable” message. So if you think you are preserving something by sharing it, think again. That's just not how Facebook works!

If you really want to save the photo, you should download a copy to your personal hard disk. Right-click the photo and choose “Save Image As...” (exact wording may vary with your browser). And remember, Don't “Like” or “Share” pages from users you don't know

“Restricted Video” Scams

Your friend shares on his status/timeline what looks like a link to an interesting video (e.g. “Rowan Atkinson died in car crash” or “World's largest snake found in Brazil”), but when you click in it you get a message that says it is a restricted video and you must share it first in order to see it. Doesn't that seem strange? Personally, I share something after I watched it, not before. If you do share it, you have become an accomplice in spreading this junk, just like your friend. Some examples follow:

RIP Mr. Bean

You see a post ostensibly announcing the death of a celebrity (in this example, Rowan Atkinson) and want to learn more, so you click on it. A seemingly legitimate news video starts playing, but then is interrupted by a “Security Check” pop-up, instructing you to Share the video to prove that you are over 18 in order to continue watching. How sharing the item would prove anything about your age escapes me, but if you do, you are led to more diversions, aimed at installing malicious software (malware) onto your computer, extracting your credit card number, or both.

RIP Mr Bean

RIP Mr Bean

World's Largest Snake


The link your friend shared leads to a page on a different domain than facebook.com, which is cleverly designed to resemble a Facebook page (that it is not). This too is a clue that it is fraudulent.

People who have persisted report that the process leads to a “survey”; which asks your cell phone number. If you provide it, you get signed up for a “service” which is then charged via your cell phone bill. Don't fall for it!

For More Information about Scam Links

Phony Charity and Promotion Scams and Political Posts:
Don't “Like” or “Share” pages from users you don't know

Facebook is no stranger to “e-mail viruses,” defined as messages which just beg to be shared (or forwarded) because they contain an urgent-sounding warning, a heart-wrenching plea, an offer of something for nothing, or a heart-warming story. It is imperative to check the validity of claims made by an item before you share it.

There are a whole class of scams which promise a valuable prize (or a chance at winning an even more valuable prize) just for Liking, Sharing, and/or Commenting on a free offer. The scammers come up with these faster than I can document all of them here, so just because one does not appear among the examples below does not make it legitimate. Remember, “if something seems too good to be true, it probably is,” and “A virus is that which tricks its victim into reproducing itself.

Since Facebook sends you more stuff from users you like, unscrupulous hackers eager to get exposure will do anything to get you to “Like” or “Share” their content. Once they have baited you with cute animals, heart-wrenching tales, or offers of free stuff, they can then use their popularity to broadcast scams and malicious software (malware). Some falsely offer a reward if only you forward them. One common hoax contains a heart-wrenching photo of a deformed or maimed child and a claim that Facebook and CNN will contribute some amount for every Share or Like. These hoaxes are very common.

Also, phony political ads abound, as the 2016 election demonstrated. Not everything is as it seems to be! For example, phony news items which may claim to show friendship between a politcal candidate and a particular minority may actually be posted by opposing parties to incent opposition to that candate. Check your facts and only share items of which you have personal first-hand knowledge.

Example Scam: Mother's Day Digital Coupons


You see an advertisement offering coupons which look authentic and offer fantastic deals at well-known merchants. To get them you have to fill out a form asking for name, phone number, and bank account information—which a legitimate vendor would never request. Enter that information, and you become victim of identity theft and your bank account is emptied. Don't fall for it. This video tells more:

Example Scam: Coca Cola 24 Pack Giveaway Facebook

Allegedly the Coca Cola company is giving a free 24-pack to everyone who shares a post announcing that fact. In reality you are helping the scammers earn a commission, and you get nothing.

Example Scam: The “Free Airline Tickets” event

I got an invitation from a friend to join a Facebook “Event” whereby I could win free airline tickets simply by inviting 200 friends. The item claimed that Qantas airlines was giving away 17,000 free airline tickets! I didn't believe that claim, and checked with the real Qantas Airlines who confirmed it was a scam. What amazes me is how many people are so driven by greed as to carefully follow the instructions below without question.

Get 2 Free Quantas Tickets
Give Away 17,000 Airline Ticekts


Premium Account Trolling

Where you might expect to see a photo, you instead see a sign stating that the photo is only visible to Gold or Premium users. There may or may not be a link whereby you can send money to “upgrade” your account. If there is, do not send money. It is an old hoax.

This photo is only viewable Facebook PremiumŪ users

“Copy and Paste” Instructions

copy and paste

Sometimes, on a friend's status timeline page, I read a heartbreaking plea or an urgent-sounding warning, which concludes with instructions to “copy and paste this post to your own status page—do not share, be sure to copy and paste.” So what do I do next?

  1. I immediately realize that my friend did not thoughtfully write from his/her own experience, but merely robotically followed someone else's instructions to copy and paste it.

  2. I recognize that my friend has fallen victim to a form of virus, defined as “that which tricks its victim into making more copies of itself.”

  3. I wonder how seriously my friend takes our friendship if he or she would test it by whether or not I am willing to copy and paste a chain letter.

  4. I may reply with a statement that I post only original material to my status timeline; I don't copy and paste anything, especially not things that tell me to. I may include this link to this article:

  5. I certainly do not follow the instructions to copy and paste it. And I recommend that you don't, either.

Okay, I got suckered into copying and pasting a hoax. Now what?

You should delete it. Just posting a comment under it stating that it is phony will not effectively stop it from propagating, because many people may follow the copy-and-paste instructions without reading the comments.

How to Delete a Post

Here is how to delete an item you have posted on your status timeline.

  1. Pull down the menu from the caret in the top-right corner (or, if on a cell phone, hold your finger on the post to get the menu).
  2. Click Delete. It's that simple.

How to Delete

Further Reading

Same Old 26 Friends

tips to bypass

A friend posts an item claiming that “Facebook has a new algorithm”, and that to help them see more friends on their news feed, you need to comment on this post. Oh, and by the way, please copy and paste it to your own status timeline so as to spread the word. What do you do?

Here's what I do. First, I ask them for the technical details behind their post. I write something like this:

I have been trying without success to get some solid technical information about this supposedly “new algorithm”—beyond what is an a copy-and-paste chain letter. Can you help me with some specific references? Among my questions are, (1) on which exact date was this “new” algorithm put into service? (2) Specifically, what was changed from the “old” algorithm used before that date?
Usually my friend replies by admitting that they actually know nothing about Facebook's algorithms (which does not surprise me, because nobody outside the Facebook engineering team does), and that they have fallen victim to a copy-and-paste virus (see above).

Second, I give them the links to the articles below.

Even so, I am amazed at how many people who have spread this falsehood won't take it down (see “How to Delete a Post” above). Instead the try to retroactively justify their mistake with “well, it can't hurt though.” When I was a child, my mother told me that the harm in spreading a false rumor is simply that it is false, and that my friends would come to doubt anything I said.

Further Reading about “Same Old 26 Friends”

“Facebook is Limiting My Reach”

Facebook is limiting my reach

Yes, I can see it, but please don't be so paranoid: Facebook does not limit anybody's “reach” (whatever that is). The truth is:

  • If you post for a specific audience (e.g. your Friends) then all of that audience can see it by looking at your status timeline (home page) any time they choose.
  • Facebook edits what any individual user sees in their news feed, depending on whom they are “Following,” according to a complicated algorithm involving what they have “Liked” and commented on in the past.
So the grain of truth is that liking or commenting on this post may increase the likelihood that you will see more from this person in your news feed in the future. Do you want to?

Redacting History

When a friend changed her Profile Picture, she noticed an announcement that she had changed her profile picture appeared on her Timeline. She quickly selected the announcement and invoked “hide from timeline” on it. Indeed, it was hidden from her timeline, but the same announcement also appeared in the Newsfeeds of her Friends who Follow her, and was not removed therefrom by her action of hiding it from her timeline.

Blocking Secret Followers

Yet another Facebook virus is a forwarded message which claims that you should search for people following yourself by searching for “following me” and blocking the names which turn up. But really, this searching simply lists people who have the letters me in their names, not people who are following you. You end up blocking total strangers for no good reason. What a waste of time!

More about secret followers

Excuses for Keeping False Posts Online

When I see that a friend has forwarded or shared fake news, I usually comment to call them on it, often substantiating my comment with a link to a mainstream news article giving the facts or a link to a Snopes article exhibiting the fallacy in their post.

  • “Who the hell are you to tell me what I can and cannot post on my own status timeline?”
  • “I don't care whether it's true; it illustrates what I was trying to express.”
  • “I don't know how to delete it; Facebook is technically beyond my grasp.”
  • How dare you embarrass me to my friends?
  • “Well, it just might be true, and better safe than sorry!”
  • “The only reason you think it's fake is that you are gullible enough to believe the main stream media (MSM). My site is correct; the MSM are all in conspiracy to suppress that truth.”
  • “You know Snopes is wrong, don't you? They are controlled by the   [insert conspiracy name here]  .”

For More Information about Facebook Scam and Hoaxes

Index to all of Rich Pasco's articles on e-mail and viruses

Rich Pasco's home page

Copyright © 2010-2018 Richard C. Pasco. All rights reserved.