Facebook account takeover, PayPal and WhatsApp fraud
We have received several reports from victims who have had their Facebook account hacked by cybercriminals who have then sent messages to their friends asking for a favour relating to PayPal.
How does this fraud work?
Fraudsters are hacking victims Facebook accounts through unknown means and then changing their password and phone number.
The fraudsters then message the hacked victims’ friends to ask them to receive payments through PayPal for various reasons. They then ask for their phone number so they can communicate through WhatsApp.
The fraudsters then convince the victim to receive funds into their PayPal account and transfer them into a bank account of the scammers choice.
A chargeback is then initiated through PayPal, leaving the PayPal account holder out of pocket as they have already sent the money to the fraudster’s bank account.
PayPal say on their website: “A chargeback happens when a buyer asks their credit card issuer to reverse a transaction that has already cleared. This can mean that a payment you’ve received in your PayPal account could be reversed, even if you’ve already posted the goods – which can of course be frustrating”. PayPal will help you as much as possible if you wish to dispute a chargeback, but the final decision lies with the credit card company. However you can also get protection with PayPal’s Seller Protection policy”.
One victim lost £3,800
In one report, an initial message sent through Facebook read: “Hey I know it sounds random but do you have a PayPal account? I sold something on Ebay”.
After the victim replied, the fraudster said: “Can I send you my bank details on Whatsapp I have changed my phone so send me your Whatsapp number and I will message you there”.
Another victim reported receiving £3,800 into her PayPal account and then transferred it into a bank account of the fraudster’s choice.
How to protect yourself and what to do if your Facebook account has been hacked
- If you receive a suspicious message from a friend on Facebook, contact them via other means to check the message is genuine.
- Create a strong password. Use three words which mean something to you but are random to others – this creates a password that is strong and more memorable. You should change passwords often and never use the same one twice.
- Consider enabling “Login Approvals” to defend your Facebook account from hackers by following this step by step guide.
- If your Facebook account has been hacked and you no longer have control, follow these guidelines on how to recover it.
Take a free trial of our Cyber Security Knowledge Check for businesses today
Comments are closed.