This PayPal and Facebook scam might cost you thousands

hacker targeting a PC
(Image credit: Shutterstock)

A new PayPal/Facebook scam has been discovered by CyberNews that is allowing blackhat hackers to steal roughly $1.6m per month from regular Facebook users.

Those who fell victim to this new scam were not hacked, forced or threatened but instead all sent out money voluntarily to their Facebook friends' bank account after receiving the same amount of funds in their PayPal accounts.

However, these funds didn't stay in their PayPal accounts for long as within a few days, all of the money they received was removed from their accounts. To make matters worse, since they sent it via bank transfer, they are unable to get their money back.

It turns out that their so-called Facebook “friend” asking for money wasn't actually someone they knew at all but rather a hacker that had managed to gain access to one of their friend's accounts. The hacker behind the scam then messaged many of the stolen account's friends until they found someone willing to participate in their complicated scheme.

PayPal/Facebook scam

According to CyberNews' sources inside the blackhat hacking community, simple faults in Facebook, PayPal and UK banks make it possible for this scam to be carried out. The hackers carrying out this scam are reportedly making roughly $2,400 per day, per hacker and 15-30 hackers are currently running this scheme every day.

The reasons this scam is so effective is due to its complexity and the fact that it often involves up to three different victims. Additionally, users don't understand that PayPal has a chargeback feature and that their Facebook friends' accounts could easily be hacked.

While CyberNews did not provide all of the details of the scam out of concern that other hackers may try to pull it off, the security research group did explain that there are two versions of the scheme. In the first version, the hacker only needs two victims with the first being the person whose Facebook account got hacked and the second victim is the target who loses money at the end. The second version involves three people as it uses both a hacked Facebook account and a hacked PayPal account.

To avoid falling victim to this scam, CyberNews recommends that users add Google Authenticator to their Facebook accounts and keep their PayPal accounts empty and link a virtual card. Also, users should be extremely wary of anyone asking them for money via Facebook and if they believe the person is in actual need, they should call them over the phone to confirm the request.

If you're interested in learning more about this scam, check out the full report here.

Via CyberNews

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.