• Welcome to the FREE TUGBBS forums! The absolute best place for owners to get help and advice about their timeshares for more than 32 years!

    Join Tens of Thousands of other owners just like you here to get any and all Timeshare questions answered 24 hours a day!
  • TUG started 32 years ago in October 1993 as a group of regular Timeshare owners just like you!

    Read about our 32nd anniversary: Happy 32nd Birthday TUG!
  • TUG has a YouTube Channel to produce weekly short informative videos on popular Timeshare topics!

    All subscribers auto-entered to win all free TUG membership giveaways!

    Visit TUG on Youtube!
  • TUG has now saved timeshare owners more than $24,000,000 dollars just by finding us in time to rescind a new Timeshare purchase! A truly incredible milestone!

    Read more here: TUG saves owners more than $24 Million dollars
  • Wish you could meet up with other TUG members? Well look no further as this annual event has been going on for years in Orlando! How to Attend the TUG January Get-Together!
  • Now through the end of the year you can join or renew your TUG membership at the lowest price ever offered! Learn More!
  • Sign up to get the TUG Newsletter for free!

    Tens of thousands of subscribing owners! A weekly recap of the best Timeshare resort reviews and the most popular topics discussed by owners!
  • Our official "end my sales presentation early" T-shirts are available again! Also come with the option for a free membership extension with purchase to offset the cost!

    All T-shirt options here!
  • A few of the most common links here on the forums for newbies and guests!

Facebook Messenger scam snags 10 million victims

MdRef

MdRef

Guest
Joined
Sep 15, 2021
Messages
1,313
Reaction score
1,272
Resorts Owned
Las Vegas, Orlando
If you're doing any of your timeshare business or other dealings through Facebook, this is a brief description of how this scams works.

One phishing scheme, has impacted 10 million people and counting. Someone takes control of your Facebook page or another social media site. According to Chris Cleveland, founder, and CEO of PIXM, this begins on Facebook Messenger. In the article he explains an attack typically starts with a message from someone you know. This message however, isn't from your friend. It's from some hacker who has taken over their page.

The message, will ask you for information or some credentials there. Once done, that person can send that message to all your friends, pretending of course
to be you and propagate the message that way. According to PIXM and HelpNet Security, you click a link about something interesting or perhaps a government stimulus or grant program, that appears to be sent by a friend. Once you click the link, you're redirected to a legitimate ad, which of course makes the whole thing look official, before being sent back to a fake login page. That's where you're asked to re-enter your Facebook password. As soon as you do that, they now have control of your account.

As he says, two-factor authentication is a must. This will send you a text alert before anything is changed on your account. Beware of any unusual requests from "friends", such as requests to click something to get free government money. Always remember, even if you trust that person, make sure you contact them first before prior to taking that call to action or clicking on that link. As he explains, never use your Facebook password for other accounts. If the password is compromised in any way, the hacker can get into your other social media accounts, even your bank account.

threatpost.com

Facebook Messenger Scam Duped Millions

One well crafted phishing message sent via Facebook Messenger ensnared 10 million Facebook users and counting.
threatpost.com threatpost.com
 
Are you saying I will not be getting 25k wired to my bank account. They have the RTN and account number.
 
A few weeks ago DH got an email in his Hotmail that there was a failed log in on his Facebook from some other country, cant remember where now. The email looked (to him) official and asked him to click on a link to enter his log in info. He did and then immediately thought better of his decision. By the time he went to his Facebook page he had already received a bunch of messages from his friends saying they were getting weird messages from them. His FB account had been hacked! He quickly changed his FB and Hotmail passwords and had no further problems. I showed him how to hover the mouse over the 'from' or link on the emails to see the actual email address of the sender or where the email was directing him. :doh:


~Diane
 
I get upwards to 100 junk emails daily, many with the “someone tried to log into your account”, prizes I had won, packages not delivered, my antivirus expiring, my Netflix account being cancelled, and an offer to apply for an Aspire card. Of course, all of these had scam links. I was disappointed as I could have used that power drill or Weber BBQ.

I’ve also received a couple of friend requests on Facebook, people I was already friends with. The first time was a person I hadn’t talked to in awhile. I just assumed I was de-friended and then friended again. I soon got a FB messenger note saying “Hi, how you doing”. After a couple more generic messages back and forth this “friend” came back with “have you heard about the $50K grant application?” I knew it was a scam. Now when this happens I just send a message to the real friend letting them know their account was hacked.

I recently got a phone text saying “Claire, please be sure you have the draft ready for Monday”. Being the nice guy I am, I responded that there was no Claire at this number and wanted to let them know so Claire didn’t get in trouble. A little while later, I get a text from that number again “It is amazing how we randomly meet people. Where are you from?” Don’t know what that scam was but I blocked the number.

I’ve been receiving phone calls over the past few weeks from area code 850. I have ignored them. The numbers would change slightly so blocking them was no use. After the third call yesterday by 11:30 am I was annoyed so I answered. She began with a vacation spiel. When I first asked who it was she said RCI. When I pressed she said Destinations Travel Group. This is a new (2021) vacation club scam. They obviously ignore the DNC lists and spoof their numbers so that screams scam alone.

Scams are everywhere. People just need to be on their toes and not believe everything they hear or read.
 
Last edited:
The new level of email scams come from the "correct" email address. I started seeing this several months ago.

I have been casually researching ways to "validate" email from friends or businesses I trust. I say casually, because I am not intensely doing so, but I am looking for an easy solution.

Email has almost become worthless to me as a way of communicating because of the scams
 
Year's ago one of our Senior VP's got a weird email. It said click here if you do not want emails from us again. That confirmed to the folks on the other end that it was a valid email address. He started getting Porn from all over the World. It took quite some time for the Corporate Computer Department to clean out his system and stop the porn.
 
A couple months ago my step-mother opened a new bank account so publisher's clearing house could deposit a million dollars in it when they delivered her rolls royce. So sad, she is pretty competent, but that event convinced her she isn't. She gave me POA and stopped driving. The latter is probably a good idea (the little dents on each corner type stuff, she barely drove). Just sinful, although she wasn't scammed per se (he didn't get anything from her), he definitely affected her in other ways.
 
MdRef said:
If you're doing any of your timeshare business or other dealings through Facebook, this is a brief description of how this scams works.

One phishing scheme, has impacted 10 million people and counting. Someone takes control of your Facebook page or another social media site. According to Chris Cleveland, founder, and CEO of PIXM, this begins on Facebook Messenger. In the article he explains an attack typically starts with a message from someone you know. This message however, isn't from your friend. It's from some hacker who has taken over their page.

The message, will ask you for information or some credentials there. Once done, that person can send that message to all your friends, pretending of course
to be you and propagate the message that way. According to PIXM and HelpNet Security, you click a link about something interesting or perhaps a government stimulus or grant program, that appears to be sent by a friend. Once you click the link, you're redirected to a legitimate ad, which of course makes the whole thing look official, before being sent back to a fake login page. That's where you're asked to re-enter your Facebook password. As soon as you do that, they now have control of your account.

As he says, two-factor authentication is a must. This will send you a text alert before anything is changed on your account. Beware of any unusual requests from "friends", such as requests to click something to get free government money. Always remember, even if you trust that person, make sure you contact them first before prior to taking that call to action or clicking on that link. As he explains, never use your Facebook password for other accounts. If the password is compromised in any way, the hacker can get into your other social media accounts, even your bank account.

threatpost.com

Facebook Messenger Scam Duped Millions

One well crafted phishing message sent via Facebook Messenger ensnared 10 million Facebook users and counting.
threatpost.com threatpost.com
Click to expand...
I have a theory on this.. as it seems fairly frequent I get a FB message from someone that is already a friend. They used to ask you to be your friend, but more likely now, they send you a message and you are asked to accept it. Since if someone is already your friend, you shouldn't need to give them permission to message you - there's the red flag.

I have since made my list of friends private (so phishers can't duplicate your account and then send your friends messages from the fraudulent account). However, if you update your profile picture, and people like it or comment on it - that data is not private. And I think that may be how scammers are getting your friends information, even if your friends list is private.
 
emeryjre said:
The new level of email scams come from the "correct" email address. I started seeing this several months ago.

I have been casually researching ways to "validate" email from friends or businesses I trust. I say casually, because I am not intensely doing so, but I am looking for an easy solution.

Email has almost become worthless to me as a way of communicating because of the scams
Click to expand...


I agree that many scams appear to come from the "correct" email address. That said, click on return and then see what email address actually shows up if you were to actually return the email.

I received something very legitimate looking from CVS the other day, but when I clicked on return it showed a foreign name and email address (definitely not from CVS).



.
 
GUYS! How many times do you get solicited from someone posing as a young lady via text. Just today Lillian texted me claiming she had her contacts restored and did not know the name associated with my number!

Yeah Right! Fuggetaboutit!

Delete then Block!
 
PigsDad said:
I guess you're more of a lady's man than I, since I don't get those. :ROFLMAO:

Kurt
Click to expand...
Must be. I get similar BS in my junk email account.

It's at the point where I don't click on links in email.
The job sends us Phishing drill emails monthly. If we suspect anything phishy we just forward to an internal address that sniff's it out.
 
billymach4 said:
The job sends us Phishing drill emails monthly. If we suspect anything phishy we just forward to an internal address that sniff's it out.
Click to expand...
Yes, my previous employer (before I retired) did the same thing. However, if you did click on the phishing link instead of reporting it or ignoring it, then you had to take a mandatory on-line security training course! :oops:

Kurt
 
  • Like
Reactions: Tia
I am constantly receiving texts from banks with the message "your account has been blocked" or your debit card has been blocked. I don't even have an account with one of the banks. I just delete.

Lot's of spam emails - the big one is that UPS, USPS or Amazon has been trying to deliver a package. Delete, delete.
 
RX8 said:
I get upwards to 100 junk emails daily, many with the “someone tried to log into your account”, prizes I had won, packages not delivered, my antivirus expiring, my Netflix account being cancelled, and an offer to apply for an Aspire card. Of course, all of these had scam links. I was disappointed as I could have used that power drill or Weber BBQ.

I’ve also received a couple of friend requests on Facebook, people I was already friends with. The first time was a person I hadn’t talked to in awhile. I just assumed I was de-friended and then friended again. I soon got a FB messenger note saying “Hi, how you doing”. After a couple more generic messages back and forth this “friend” came back with “have you heard about the $50K grant application?” I knew it was a scam. Now when this happens I just send a message to the real friend letting them know their account was hacked.

I recently got a phone text saying “Claire, please be sure you have the draft ready for Monday”. Being the nice guy I am, I responded that there was no Claire at this number and wanted to let them know so Claire didn’t get in trouble. A little while later, I get a text from that number again “It is amazing how we randomly meet people. Where are you from?” Don’t know what that scam was but I blocked the number.

I’ve been receiving phone calls over the past few weeks from area code 850. I have ignored them. The numbers would change slightly so blocking them was no use. After the third call yesterday by 11:30 am I was annoyed so I answered. She began with a vacation spiel. When I first asked who it was she said RCI. When I pressed she said Destinations Travel Group. This is a new (2021) vacation club scam. They obviously ignore the DNC lists and spoof their numbers so that screams scam alone.

Scams are everywhere. People just need to be on their toes and not believe everything they hear or read.
Click to expand...
In one day we received 239 spam emails. Someone needs to stop these scammers in their tracks.
 
In addition to the emails offering me ways to enhance performance of an appendage I don’t have (I’m female) I’ve been receiving a lot telling me our antivirus software expired - always brands we don’t use. Many of those have no sender at all (no email address, just a string of letters and numbers), so they can’t be blocked, just moved manually to the Junk Mail folder without opening and deleted from there. It’s a daily ritual now to move email from the Inbox to Junk Mail.
 
RX8 said:
I knew it was a scam. Now when this happens I just send a message to the real friend letting them know their account was hacked.
Click to expand...
In this case their FB account would appear to have been CLONED, not hacked, but the result when you friend them 'again' is the same.
 
DRIless said:
In this case their FB account would appear to have been CLONED, not hacked, but the result when you friend them 'again' is the same.
Click to expand...
The term "hacked" seems to be used all the time when someones FB account has simply been copied/cloned. Can't tell you how many times my wife has said so and so's FB account was hacked because she got a friend request from them. Everyone else seems to use the term "hacked" as well. Hacked is when they gain access to your account. This isn't what is happening.
 
You must log in or register to reply here.
Top