This PayPal and Facebook scam might cost you thousands

Your Facebook friend asking for money might actually be a hacker

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A new PayPal/Facebook scam has been discovered byCyberNewsthat is allowing blackhat hackers to steal roughly $1.6m per month from regular Facebook users.

Those who fell victim to this new scam were not hacked, forced or threatened but instead all sent out money voluntarily to their Facebook friends' bank account after receiving the same amount of funds in their PayPal accounts.

However, these funds didn’t stay in their PayPal accounts for long as within a few days, all of the money they received was removed from their accounts. To make matters worse, since they sent it via bank transfer, they are unable to get their money back.

It turns out that their so-called Facebook “friend” asking for money wasn’t actually someone they knew at all but rather a hacker that had managed to gain access to one of their friend’s accounts. The hacker behind the scam then messaged many of the stolen account’s friends until they found someone willing to participate in their complicated scheme.

PayPal/Facebook scam

According toCyberNews' sources inside the blackhat hacking community, simple faults in Facebook, PayPal and UK banks make it possible for this scam to be carried out. The hackers carrying out this scam are reportedly making roughly $2,400 per day, per hacker and 15-30 hackers are currently running this scheme every day.

The reasons this scam is so effective is due to its complexity and the fact that it often involves up to three different victims. Additionally, users don’t understand thatPayPalhas a chargeback feature and that their Facebook friends' accounts could easily be hacked.

WhileCyberNewsdid not provide all of the details of the scam out of concern that other hackers may try to pull it off, the security research group did explain that there are two versions of the scheme. In the first version, the hacker only needs two victims with the first being the person whose Facebook account got hacked and the second victim is the target who loses money at the end. The second version involves three people as it uses both a hacked Facebook account and a hacked PayPal account.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

To avoid falling victim to this scam,CyberNewsrecommends that users addGoogle Authenticatorto their Facebook accounts and keep their PayPal accounts empty and link a virtual card. Also, users should be extremely wary of anyone asking them for money via Facebook and if they believe the person is in actual need, they should call them over the phone to confirm the request.

If you’re interested in learning more about this scam, check out thefull report here.

ViaCyberNews

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

This new malware utilizes a rare programming language to evade traditional detection methods