Facebook grant scams

Facebook is offering $100 million in cash grants to businesses affected by the coronavirus pandemic. Eligible applicants can receive a grant worth about $3,300, announced the company’s official blog, and, picked up by major media outlets, the news quickly spread. Unsurprisingly, cybercriminals wasted no time hatching schemes to exploit this largesse.

Knowing many had heard about the grants but banking on few having absorbed the details, cybercriminals presented the news as if Facebook was handing out money to all users of the social network affected by COVID-19.

The bait

Potential victims see an article seemingly from CNBC, a world leader in business news with a monthly audience in the hundreds of millions, saying Facebook is giving grants to users hit by COVID-19 and including a link to apply for a grant. The grammar should give away the game, and the URL, which does not start with cnbc.com, is another suspicious element.

Those who turn a blind eye to the clumsy English and wrong URL are taken to another portal that bears more than a striking resemblance to the official site of Mercy Corps, a charity that helps victims of natural disasters and armed conflicts. However, the only topic on this one is Facebook grants, and the victim is asked to specify how many years they have been a user of the social network. The grammar on the website still stinks, and most of the links don’t work. It’s especially sad the that job announcement for the Facebook Grant CEO position is also unclickable — perhaps it could have been someone’s chance to land a job with a decent paycheck! And, of course, the site URL does not contain facebook.com, so it clearly has nothing to do with Facebook.

If you persist in ignoring the blatant oddities and decide to apply, first you’ll be asked for your Facebook username and password. If you enter them, they’ll go straight to the cybercriminals. Then, to accept your application, the site requires a lot more information, supposedly to verify your account: your address, social security number (for US citizens), and even a scan of both sides of your ID. No fields can be left blank, and the site diligently prompts you about any omissions.

When the form is filled out and submitted, the site displays a confirmation message that your application has been accepted and you will be contacted shortly.

Don’t hold your breath. The verification procedure is simply a ruse to gain access to your Facebook account, which the cybercriminals can then use to try to trick your friends and extract money from them. Moreover, the form fields provide the crooks with enough personal information to steal your identity. Armed with this and scans of your documents, they will likely be able to get into any of your accounts, including online banking.

The real CNBC site does indeed have an article about Facebook grants, but for businesses — the real beneficiaries of the program. And it was written by someone with a better grasp of the English language. As for the fake CNBC news, its only purpose is to fool you into believing that Facebook is now a charity for its users.

How to avoid getting phished

To keep safe from phishing, you need, first, vigilance and, second, a reliable security

Continue reading

This post was originally published on this site