Facebook Messenger Scams: What Are They & How To Avoid

Are You Talking to a Scammer on Facebook Messenger?

When Vera Walters received a Facebook message from her cousin about a new government grant, she knew this kind of money could be life-changing. But after submitting an application replete with her sensitive personal information, Vera discovered the awful truth — scammers had taken over her cousin’s account and used the grant story to steal Vera’s identity [*].

Fraudsters are increasingly targeting social media accounts as a means to trick victims into giving up personal information, sending money, or clicking on dangerous links. According to the Identity Theft Resource Center [*]:

Social media account takeovers have increased by over 1,000% in the past year. 

The last thing you want when trying to catch up with a friend or relative on Facebook Messenger is to end up talking to a scammer instead. 

In this guide, we’ll explain how Facebook Messenger scams work, provide specific examples of the latest scams to avoid, and teach you how to stay safe when chatting with people online.

What Are Facebook Messenger Scams? How Do They Work?

Facebook Messenger scams occur when fraudsters use the Messenger app to con Facebook users into sending money or gift cards, giving up personal information that could lead to identity theft, or clicking on malicious links. 

Scammers often impersonate users by setting up look-alike Facebook profiles or taking over legitimate accounts in order to send phishing scam messages to their victims’ Facebook friends.

Scammers use Facebook Messenger because most people have Facebook friends with whom they’ve lost touch or never knew very well in the first place. This makes it easy to reach out and build trust before targeting victims with advanced social engineering tactics and phishing scams.

But maybe the most important reason is that social media scams work. 

According to the Federal Trade Commission (FTC), Americans lost over $1.2 billion to scams that originated on social media platforms in 2022 alone [*].

Here’s how a typical Facebook Messenger scam plays out:

• Scammers impersonate one of your Facebook friends. Fraudsters hijack someone’s Facebook account or create a dummy account that copies your friend’s profile picture and profile information.
• Next, they send a message out of the blue. Scammers rely on your curiosity when you receive a message from a contact whom you haven’t spoken to in a while.
• The message is urgent, troubling, or piques your interest. Fraudsters know how to get your attention and might ask a question like, “Is this you?” followed by a link. Other common scams start with the question, “Guess who died?” Scammers will use any message that they think will elicit a quick response.
• The scammer asks for money, personal data, or sends a harmful link. Once you respond to a message, scammers push for sensitive information (like security codes) or try to persuade you to send them money or click on links. 

The possibility of losing money to a Facebook Messenger scammer can be devastating, but an even more serious consequence is the loss of sensitive personal information which puts you at risk of identity theft.

How To Tell If You’re Talking To a Scammer on Facebook

If a scammer’s message appears in your Facebook Messenger inbox, you’ll see at least one of the following red flags:

• Spelling and grammatical errors. Many scammers aren’t native English speakers, which leads to grammar and spelling mistakes, unusual phrasing and word choices, and strange formatting. Other times, scammers include errors intentionally to weed out people who already know how to spot a phishing scam.
• You haven’t spoken to this person in a long time (or ever). Distant or almost nonexistent relationships are easy vulnerabilities for scammers to exploit. People are curious why an estranged acquaintance is messaging them.
• Their profile shows signs that it’s been hacked. If you visit the sender’s Facebook page and find strange posts on their wall, it could be a sign that hackers have taken over your friend’s account.
• The sender’s profile is an imitation of your friend’s account. If you look closely at the sender’s profile page and notice that something’s off, you might be looking at a fake account that’s duplicating one you already follow. 
• The message includes a suspicious link. Phishing messages often contain harmful links that lead to fake login pages. Other malicious links attack your device with invasive malware, spyware, or ransomware when opened.
• The message has an urgent tone. Scammers use lines like, “Is this you in this video?” or “Guess who died?” to grab the target’s attention and convince them to click immediately.
• The sender mentions a “special” government program or a way to make “free money.” Scammers want you to think an old friend is reaching out with a legitimate opportunity for you. In reality, it’s just a scammer using your friend’s account.
• The sender asks to move the conversation to email or text. If you’re asked to move off the Facebook Messenger platform (or to give up your phone number), you’re dealing with fraudsters trying to initiate the next phase of their scheme (or hide the fact that they’re scammers before their account gets reported and banned).

The bottom line: Use common sense and trust your gut. If something seems off about a message on Facebook, don’t click on links, respond to messages, or send money. 

The 7 Latest Facebook Messenger Scams

1. “Is this you?” or “Guess who died” messages
2. Friendly or romantic messages offering investment advice
3. Scammers asking for authentication codes
4. Fake charities or page administrators asking for donations
5. Impostor accounts offering “free money” through government programs
6. A “friend in need” asking for money
7. Fake awards, prizes, and giveaways

While most versions of phishing scams have been around for years, scammers find ways to switch up their strategies to catch people off guard. 

Here are some of the most common Facebook Messenger scams you’re likely to encounter:

1. “Is this you?” or “Guess who died” messages

In this Messenger scam, fraudsters try to persuade you to click on a malicious link by claiming there’s a compromising video of you online or that something shocking has happened that you’re unaware of.

Sometimes, these links lead to fake websites that prompt you to enter login credentials so the scammer can access your accounts. Other links contain malware that can infect your device with a virus that steals sensitive data.

How to identify (and avoid) this scam:

• Never click on links from unsolicited messages. This is especially dangerous if the message comes from a user you barely know or someone who just sent you a friend request. 
• Reach out to your Facebook friend elsewhere. If you think a message could be legitimate, contact your friend by using a different method (not via Facebook). 
• Use Safe Browsing tools that alert you to fake websites. Cybersecurity protection providers like Identity Guard can warn you when you’re about to enter a phishing website.

💡 Related: What Happens If You Open a Phishing Email? →

2. Friendly or romantic messages offering investment advice

Also known as “Pig Butchering,” this scam is a combination of a romance scam and an investment scam.

Fraudsters first lure targets into close personal relationships online. Then, after building trust, they convince their victims to invest in a phony cryptocurrency platform that’s controlled by the scammer. 

These types of scams can be launched via text messages or any online messaging app, including Facebook Messenger.

How to identify (and avoid) this scam:

• Don’t trust anyone with your money if you only communicate with them online. Cryptocurrency scams are everywhere. Consult a trusted professional before making any investments.
• Question online relationships that move too quickly. Fraudsters try to “love bomb” their targets and may say they love you or even propose marriage within days or weeks. If things are moving quickly and you’ve never met in person, there’s a very good chance it’s a scam.
• Ignore anyone who claims to have a “guaranteed” investment. All investments come with a level of risk — especially cryptocurrencies. If someone on Facebook Messenger claims there’s no risk or that they have “insider knowledge,” it’s a scam. 

💡 Related: How To Protect Yourself From Scammers on Social Media Sites →

3. Scammers asking for authentication codes

Scammers sometimes pose as Facebook friends who need help gaining access to an online account, and want to send you a two-factor authentication (2FA) code. In reality, the scammer has already found your login information (username and password) and only needs a 2FA code to gain access to your account. 

If you give up a code that’s sent to you, you’re essentially giving up control of your Facebook account.

How to identify (and avoid) this scam:

• Never give anyone your authentication code. 2FA codes are meant for you and only you. Anyone who asks for it is trying to scam you.
• Report suspicious activity, and change your account passwords. If you get a 2FA code that wasn’t triggered by your own login attempt, this means someone else is trying to access your account.

💡 Related: Social Media Security Tips & Best Practices →

4. Fake charities or page administrators asking for donations

Facebook Messenger scams don’t always come from a supposed friend’s account. Opportunistic scammers can also create fake accounts impersonating public figures or charitable organizations, hoping they can trick you into donating money.

How to identify (and avoid) this scam:

• Do your own research before donating. Never donate to charities until you’ve fully researched the organization and determined its legitimacy. You can check the legitimacy of a charity on CharityNavigator.org, the Better Business Bureau’s (BBB) Wise Giving Alliance, CharityWatch.org, and Guidestar.org.
• Research the organizers of GoFundMe pages and other fundraising efforts. Many people post personal fundraisers on Facebook. Always review the account that posted the fundraiser, and see if it shows signs of being a scammer. 
• Look for the blue check icon that marks verified accounts. If someone claims to be a public figure and doesn’t have a “verified” badge, it’s probably not the person whom the profile claims to be. You can also search around on Facebook to find the real account that the scammer is imitating.

5. Impostor accounts offering “free money” through government programs

Another trending Facebook Messenger scam involves direct messages (DMs) that advertise ways to access easy cash through government programs.

Fraudsters send phishing messages claiming they recently received thousands of dollars through a new government grant and encourage their targets to apply [*]. But the applications often request sensitive information, such as your Social Security number (SSN), bank account information, or credit card number. 

How to identify (and avoid) this scam:

• Avoid messages that pressure you to enroll in a program to win “free money.” Advertising large winnings for minimal effort is a common scam strategy. Messages like this indicate your friend’s account has been cloned or hacked.
• Contact your friend off the platform. If you want to get to the bottom of it, contact your friend elsewhere and ask if they sent the message.
• Research government grants on official websites. Make sure you can verify any government program before applying. Official government websites have a URL that ends in “.gov” and use “HTTPS” (not “HTTP”).

💡 Related: 15 Facebook Scams You Didn't Know About (Until Now) →

6. A “friend in need” asking for money

Posing as a friend in an emergency situation is the oldest Facebook Messenger scam in the book. But recently, scammers have added a fresh twist to this scam with the help of face and voice-altering technology.

One Michigan resident got a DM from a Facebook friend urgently requesting a $200 CashApp transfer. After responding, she got a short Facebook video call from her friend (who was actually a scammer in disguise). She couldn’t hear what he was saying, but the person in the video looked exactly like her friend [*].

How to identify (and avoid) this scam:

• Verify monetary requests from your friends through a different communication channel. Don’t engage with an unsolicited Facebook message asking for money, even if it comes with a video that looks and sounds like your friend. Instead, contact friends on another platform and ask what’s going on.
• Don’t immediately trust voice or video calls. Scammers use the latest technology to trick you into sending them money. If something feels off about the interaction, wait until you can contact your friend directly. 

7. Fake awards, prizes, and giveaways

Fraudsters know that the prospect of “free money” or winning an award might entice you to click on links or send them money. 

In one example, a Denver woman received a message from a friend claiming they had both won a “Facebook Freedom Award.” When the woman clicked on the link in the message, she was asked to pay $5,000 in taxes to receive her $50,000 prize. It was only after she sent the money that the victim realized her friend’s account had been hacked [*].

In another version of this scam, cybercriminals claim that you’ve won a state or specialized lottery prize. But again, you need to pay or provide sensitive information before you can claim it. 

How to identify (and avoid) this scam:

• Don’t engage with messages that state you’ve won a cash prize or monetary award. If you don’t remember entering a contest, the announcement is a scam.
• Never pay to win a prize. Prize and lottery scams are nothing new. If anyone claims you need to pay before you can redeem a prize, it’s a scam. The same goes for supplying sensitive financial information, such as your bank account or credit card number.

💡 Related: How To Avoid Social Media Identity Theft →

Did You Give a Scammer Your Money or Personal Information? Do This!

If you trusted the wrong person on the internet, try not to panic. Here’s what to do if you’ve been scammed over Facebook Messenger: 

• Change your Facebook password, and update your contact information. Secure your account by changing your password and updating your recovery email or phone number.
• Visit your settings menu and log out of any unrecognized sessions. Check for unrecognized devices that are logged in to your Facebook account by viewing your “Security and login” settings. 
• Set up two-factor authentication (2FA) on all of your online accounts. Two-factor authentication provides an additional layer of security. Here’s how to set up 2FA on your Facebook account.
• Freeze your credit with the three main credit bureaus (Experian, Equifax, and TransUnion). A credit freeze is one of the best ways to stop scammers from using your personal information to open new accounts or take out loans in your name.
• Report fraud to the Federal Trade Commission (FTC) online. You can report both fraud and identity theft to the FTC online at ReportFraud.ftc.gov and IdentityTheft.gov. An FTC report may be necessary if you need to dispute fraudulent charges or close accounts. 
• Try to cancel any fraudulent transactions and get your money back. Contact your bank, credit card issuer, and any impacted company and alert them to the fraud. You may need to supply an FTC or police report. 
• Consider signing up for identity theft protection. Identity Guard’s award-winning platform can monitor your most sensitive personal and financial information for signs of fraud. And if the worst should happen, you’re covered by $1,000,000 in insurance for eligible losses due to identity theft. 

How To Report and Block Facebook Scammers

When you find a suspicious message or a fraud attempt in your Facebook DMs, it’s important to report the incident to Facebook.

Meta has a full list of step-by-step instructions that can help you navigate this process, but you can start your report directly from your Facebook Messenger app or homepage.

Before you start blocking and reporting, be sure to document proof of the suspicious interaction by taking screenshots of the messages you received. That way, if you need to file an identity theft claim, you’ll have the evidence you need.

Next, click on the downward arrow next to the sender’s name, and tap “report.” You’ll be led through prompts that help specify the reasons why you’re reporting the user.

You can also use the same menu to block the user from contacting you in the future.

The Bottom Line: Stay Safe on Social Media

Social media may offer fun ways to hang out and connect with friends, but online criminals have discovered how easily they can use it to scam people and commit social media identity theft.

Here are some final tips that will help you stay safe from fraudsters lurking on social media:

• Secure your online accounts with strong passwords and 2FA.
• Don’t click on links in messages or posts.
• Adjust your Facebook privacy settings, and choose the most secure options available.
• Don’t respond to strangers or messages that sound odd.
• Always double-check the validity of urgent messages via an alternate contact method.
• Don’t take Facebook quizzes or comment on viral memes and posts.

If you’re looking for the best way to keep your personal security in check at all times, Identity Guard offers award-winning credit monitoring and identity theft protection services that include comprehensive device security and Safe Browsing tools.

And, should the worst happen, you’ll be covered by a $1 million identity theft insurance policy, along with help from a dedicated team of U.S.-based 24/7 fraud resolution specialists.

Keep your identity (and finances) safe. Get 33% off your Identity Guard membership.