Category: Hazards (Page 1 of 12)

The Dell 2024 Data Breach

If you have a Dell computer, you may have recently received an email notification of a data breach. Millions of customer records were recently stolen from Dell. Here’s what you need to know about the Dell 2024 Data Breach:

What Was Stolen

49 million customer records walked out the door. Each record may contain:

  • Purchaser’s Full Name
  • Physical Address
  • Unique Service Tag from the computer/hardware
  • System Ship Date
  • Warranty Plan Details
  • Serial Number (for monitors)
  • Dell Customer Number
  • Order Number

At this time, Dell claims that no payment info or phone numbers were taken. We can be grateful that there’s no worry about any financial accounts being invaded. But this breach is still a big deal, far bigger than Dell is letting on in their blanket email. The potential for phishing scams, using this stolen info, is high.

What To Expect

We’ve been through this before. It is generally known in the tech community that Dell has had other data breaches, and just not fessed up about them. How is that, you ask? Over the past several years, various Dell scams have been reported on or discussed, and those scammers used inside info, like Dell Service Tags and PII. The customer data they used was specific enough to have only come from Dell’s records.

These scams work well, and here’s an example of how it plays out:

Joe Scammer runs some quick searches against pubic information databases, and finds phone numbers to go with the names and addresses he’s holding. Then he starts cold-calling those numbers, with a plausible story.

“Hello, Ms. Vanderbluth! I am John Snordwrangler from Dell and I see that your Inspiron 3450 is overdue for a BIOS security update. If your service tag is BXT459A54, then I am authorized to perform this fix, free of charge for you! Do you have 2 minutes for me to remote-in and secure your system?”

This is often their schtick. And it is very believable, because the scammer already has all the answers. He’s not asking for sensitive info, he already has it, and many people would not think twice about saying Yes to a free fix. But anyone duped by this scheme will soon be taken for a horrible ride and bilked out of significant money. Or have their computer ruined after they refuse to pay up.

Based on past scam attempts, we might expect these to come via phone calls, email messages and even postal mail! Yes, you might even get a letter in the mail; it has happened before in other schemes.

How to Protect Yourself

This is a tough one to guard against. Again, the scammers will come armed with a lot of your personal information. They may employ the Dell logo on their printed materials. They have the ability to falsify their CallerID. Their email address may be spoofed to show “” or the like.

I have to prescribe extreme dubiousness for any Dell communications you receive. Maybe this should also apply to any unexpected contact from big tech companies. If you didn’t initiate that surprise call or email, mistrust is a good first option.

But there is always the slight chance that you will receive a legitimate Dell notice. So we’ll want to be suspicious but not impolite. Don’t respond to any Dell emails directly. Don’t interact with a Dell rep who called you on the phone. Never dial a number shown in an unexpected email.

If Dell is asking you to take any particular action, end the call or step away from that particular email. Next, you are safe to reach out to Dell, using trusted means, as shown on their website. The various phone numbers and chat methods on that site are safe. Using them will help you verify a real request, as well as reveal a phishing attempt.

Please also discuss anything strange with your friends, family or other trusted people. Remember: scams reveal themselves and fall apart when you talk about them with others!

Also, Dell asks that you report their impersonators to them. They have a page for reporting phone scams, and you are welcome to forward phishing emails to .

The Dell 2024 Data Breach
screencap of bad actor selling Dell’s stolen data

Antivirus Isn’t Enough

If your computer is going to dip its toe in the internet ocean, you need protection. There are hazards everywhere, and nothing is sacred on the wretched worrisome web. But antivirus isn’t enough. Whether you are using Microsoft’s free Windows Defender Antivirus, or shelling out big bucks for Snotron McAffeinated 420 Ultra SmartWare Gigaplex Security Suite 2025 Excruciating Edition, you need more. No antivirus is going to keep you 100% safe from the hazards of the internet.

After your antivirus is squared away, you need an ad-blocker. This is software that suppresses or blocks advertisements from ever appearing as you surf the web. And you really need to be blocking ads, on (almost) all websites. They can be dangerous no matter where you go.


Websites everywhere look to make a buck through advertising. But they often don’t want the tedium of finding advertisers, collecting ads and payment and other managerial minutiae. It’s much easier for a company to hand that task off to ad firms, who will place and rotate ads on designated places on their website.

But that leads to trouble. If the ad firm doesn’t vet their customers well, or if they suffer a data breach, or if they just don’t care, then you wind up with this nonsense:

antivirus isn't enough

To be clear: This screencap is taken (today!) from a Valley newspaper’s website, that most people in the region visit for local news. Directly under their masthead is a large banner ad that will lead people to two different types of undesirable software downloads. I cannot tell you how many computers I have cleaned of OneLaunch this year. And EasyPDF is a well-known search hijacker. Some people are going to ignore that junk. Other people are going to click on it and foul up their computers and have to call a professional to clean things up.

As much as I like to earn my pay, this isn’t right. This is irresponsible, although it is debatable whether the fault lay with the newspaper or the ad agency they’ve hired. Whomever we should wag the finger at, they are unlikely to be sympathetic or helpful when it comes to fixing your computer. And this sort of thing happens frequently, on many of the mainstream websites you visit.

Hence my stance: You need an ad-blocker! An ad-blocker is the second layer of protection for your computer, after your antivirus.

Ad-Blocking Options

There are a lot of options for blocking ads, and they usually do not come from your antivirus vendor. And there are even scammy and spammy ad-blockers out there, so let me suggest some that I know to be legitimate and safe:

AdBlockPlus: I’ve used this browser extension for years and it has been consistent and solid since its inception.

uBlock Origin: Also a quality ad-blocker extension, but this one is fairly unique, as it does not ever ask for money, even a donation.

The Brave web browser: Brave is not an ad-blocker, it is an entire web browser with ad-blocking, baked in. It is a modified version of Google Chrome, with lots of privacy and other protections added into the mix.

I should mention it is best to pick only one ad-blocking solution and run with it. If you need to change, remove one before adding another. Multiple ad-blocking softwares can conflict or cause system slowness.

A Final Caveat

Using an ad-blocker may change your life. If you haven’t used one before and this is your first time, you may be amazed at how much more pleasant the internet becomes, with all of that chaff eliminated from your news, your webmail, your shopping websites…

But some websites don’t like that you are running an ad-blocker. They can tell. Those sites may pop-up messages when you visit, exhorting you to disable your ad-blocker, so that “we may continue to rake in those sweet sweet advertising dollars!” Most of these messages you may safely ignore, but a few websites are a bit more rigid than others. They may prevent you from using the website, until you turn off your ad-blocker. In those instances, you have a choice:

A) Disable your ad-blocker for that one website. Usually, you would find the icon for your ad-blocker, click it and then toggle it off. After you refresh the website, ads will show for that one webpage, but the ad-blocker will still function everywhere else you surf.

B) Don’t visit that website. Just leave. If they won’t respect your need for computer security, then perhaps they don’t need your patronage.

Even More Facebook Scams

The hits just keep coming. I’ve got even more Facebook scams to describe, so that you’ll be able to recognize and dodge these if you meet with them:

Concert Tickets for Sale

This is as simple as they come: Someone will ask for a Venmo or CashApp payment for some concert tickets, and then ghost you as soon as they receive the cash.

And once they’ve stolen your money, they will also Block you. This prevents you from reporting them to Facebook.

Garage Door Repair

Now we can add “garage door repair” to the list of service scams on the internet.

Working on garage doors is not for the faint of heart and is dangerous if you don’t know what you’re doing. I think it important that you be sure to have a properly licensed and insured person performing this service for you.

Missing Child Notice

I’ve blogged before about missing child alerts on social media, but this adds a new angle to that. These posts are fakes. These children are not missing. They’re not even located in the named town or region.

I’m fairly certain that these posts will later be changed into something shady, à la The Facebook Edited-Post Scam.

Precious Things Found

From missing people to found items, these scammy notices work the same way. If they can just get their post to be shared far and wide, they’ll later change it to something scammy.

Used Car for Sale

Many people sell their cars on Facebook, so this scam is hard to spot until you start dealing with the poster.

But I know this is a scam, because this person’s account was stolen from them. Once a scammer entered this user account, they changed the password and all other security info. And Facebook did not help the rightful owner of the account. The scammers are still in there as of today, posting about this car on all of the groups that they can.

For those who reach out about this car, they’ll be asked to make a small payment to “hold” the car for them. Or they may be offered a “too-good-to-be-true” price to get the car sold quickly and delivered to you. In any case, it’s just another way to get your cash before they block you.

Red Flags for These Scams

  • The poster asks you for payment or a holding fee before you have seen the product or received any proof of the item’s existence.
  • No company name is given, no local phone number or website is shown for offered services.
  • Real missing-persons notices would include the name and phone number of the relevant police station.
  • Scammers tend to Like their own posts and often Turn Off Commenting.

Romance Scams

romance scams

The internet is a great place to meet people. But are you you meeting real people near you or scammers who are out to steal from you? Let’s go over Romance Scams, so that you’ll be a little safer making friends and finding that special someone online.

Red Flags

Is that person you are chatting online looking for a serious relationship, or just your money? It can be really hard to tell! But look out for these red flags:

  • They won’t have a voice or video call with you.
  • They are very far away and cannot meet with you.
  • Meet-ups are planned, but always fall through or are cancelled.
  • Things move very fast, e.g.: they profess their love too quickly or ask for marriage very soon after your first contact.
  • Requests for money come up, to help with medical expenses, travel costs or investment opportunities.
  • Communications move to privacy-oriented apps, like Signal or WhatsApp, and you cannot learn the person’s physical address or true phone number.

Honest people that you have just met may exhibit some of these, too. It can be hard to know who’s legit and who’s lying to you. As the red flags pile up, you should trust the other person less and less. But then you may also see if you can knock down any of those flags by:

Verifying Someone’s Legitimacy

This is easier said than done. Not everyone wants to cooperate with requests for personal info, and with good reason: How do they know that you aren’t a scammer?! Still, these items can go a long way to helping you believe that you’ve met someone like you:

  • Have a call with them, where you can see them and hear their voice.
  • Meet with them in a public place (library, coffee shop, high-traffic building).
  • Perform a reverse image search of any profile picture you have of them. That picture may track back to who they say they are, or it may turn up on a ton of stock photography websites.
  • Ask to postal mail something to them.
  • Do your own research, looking up tax records and court records through trustworthy government websites.
  • Talk with family or friends about your new online acquaintance, to see if they think things are kosher or sketchy.

What Can Go Wrong

I can’t tell you how to create a successful relationship or make lasting friendships online. That’s going to be a challenge for many people, even when everyone is being honest. The hope with this post is that I can help you avoid the worst of the worst and their scams, that are out to take advantage of lonely, trusting people. And to that goal, you should understand what these schemers hope to do:

  • Earn your trust to the point that you’ll send them some money. And then they’ll ask for more. And then more and even more money. This repeated money extraction is sometimes referred to as a pig-butchering scam. Once the victim is bled dry of cash, the criminal will ghost them and move on to the next mark.
  • Convince someone to engage in romantic written/photographic/video content. Once the scammer has enough adult or illicit material, they use it to extort money from their victim. The extortion can be as simple as “I’m going to tell your wife” or as devastating as “I’m actually 16 years old and I’m going to the FBI with those photos you sent.”
  • In rare instances, romance scammers urge someone to travel to visit them. If this happens, it could be a trap. When the romantic hopeful arrives in a foreign country, they could be robbed or kidnapped or worse.

Already In a Jackpot?

If you find yourself in the midst of such a scam, cut off communication ASAP. If you’ve been sending them anything of value, you have got to get a tourniquet on things. Don’t send any more money, and consider any previously-sent gifts or cash as gone and unrecoverable. If you have any other worries, find a trusted person (friend, family member, police officer, pastor, counselor) to consult with.

If you know someone who is in the midst of a romance scam, gently confront them to say how you are concerned for their well-being. Show them this blog post or the many other articles that are out there, describing how romance scams function. Be prepared for and understanding about their resistance. The scammers may be in their heads, and have secured their trust. It can be an uphill battle to convince a romance-victim of the larger truth. In extreme cases, you may have to arrange an intervention.

Logo Design Scams on Facebook

Logo Design scams on Facebook are the latest to appear on group pages. These scams are brought to you by the same people who offer duct cleaning, mobile car detailing and more. Here are the deets:

What This Scam Looks Like

Again, this scam usually appears inside of Facebook Groups. The wording may vary, and can actually be a bit engaging:

This time around, the scammers are onto something. The forthright statements and proud attitude is a good hook, and holds the readers’ attention. I see a lot of these posts, full of comments from people who want to contribute their own opinions and attitudes on the subject. And their conversation makes the posts more credible!

But it’s still a scheme, and I recommend you shy away from these offers.

How This Is a Scam

Once again, I have to remind everyone that appearances are often not what they seem on the internet. The people posting these offers use Western names and American-looking photos. They look like they could be your neighbors, but they aren’t. When I chat with these folks, I send them links to click on. And when they do, I get to see their location in the world:

Almost all of these service-type scams are posted by people in Pakistan. I have nothing against the people of Pakistan. But I do have misgivings about dealing with a Pakistani who uses a sock puppet account on Facebook to present themselves as an American.

Incidentally, I am very forthright with these people, as I chat them up. I ask them plainly about their location in Pakistan. They either use coarse language at me, or block me. I do not ever get a civil response from them.

How These Scams Play Out

I would have to give these scammers some money to be sure of how the scam finishes. I’m not going to do that. So, here are my educated guesses on what happens to people who fall for these schemes:

  • The scammer plays you long enough to get an initial payment, and then blocks you.
  • The person actually gets you some logos and design options. But they are quickly whipped up, using free sites and AI tools, and certainly not worth $200.
  • They offer to help with your website design, which will give them access to your professional email and domain. Your passwords could be sold to a higher-level scammer who can abuse your email address and identity.

If you have dealt with these scammers, please share your story with me. I would love to update this post with more details!

However these ploys go down, you need to know that you will have no recourse. Whether you lose time, money or your entire website, these people are in another country, where our police cannot address them. These scammers will quickly block you on Facebook, and Meta will not assist you, even if you report the matter to them.

What You Can Do

It can be tricky to recognize these scams. Their verbiage gets better every year. But one useful trick is simply to search Facebook for the scam. Specifically, click and highlight one or two sentences in a suspicious post. Copy that text and paste it into the search field at the top of Facebook. You will know you have found a scam, if your search turns up similar posts from all over the country:

logo design scams on facebook

Next, report the scam posts. But understand that when you report things, you have a choice. You can report them to Facebook, but little to nothing will occur. Or, you can report them to the Group’s Admins. That is much more likely to help. The very real and local people that take care of that group will see your report and probably take action against the poster.

It’s quick and easy to report a post to the group’s admin!

Lastly, I do not recommend that you criticize or attack these scammers on their posts. They will simply block you. Once you have been blocked by them, you will be unable to see their posts or report anything that they do.

Shentel/Mail2World’s 2024 Spam Problem

If you still use a Shentel email address, you should know that there’s a problem with Mail2World’s spam filter right now. Some (but not all) email inboxes are getting a lot more junk email than is normal. After talking with Shentel tech support, I can’t say that I know what the problem is. I don’t know when it will be fixed. I can’t say with certainty that Mail2World is anything more than 3 children in a trenchcoat. But what I can do is teach you how to cope with Shentel/Mailworld’s 2024 Spam Problem in this blog post.

Shentel/Mail2World’s 2024 Spam Problem
Some people are getting several copies of EACH of these spam messages in their inboxes, every day!

What NOT to Do

First of all, don’t call Shentel expecting a quick fix. This problem is out of their hands, because Remember: Shentel doesn’t manage their email addresses anymore. They offshored their addresses to a company called Mail2World. And that company is really hard to get a hold of. But Shentel assures me that M2W knows about the problem and is working on it…

Next, do NOT unsubscribe from any spam! Clicking on unsubscribe (or any other links) in an unwanted message is asking for trouble. If you click on links in spam, you could attract more spam or lead your computer to a malicious website or download.

While you’re at it, don’t bother trying to use Block Sender on spam. It can’t hurt, but it isn’t likely to help. Block Sender is typically useful only for someone who always uses the same email address. Like that annoying relative who always forwards tacky joke emails to everyone he knows. Or the neighborhood Tupperware salesperson. Or a mentally questionable ex-boyfriend. Block those people to keep your inbox stress-free, but spammers change their email on every message they send. Blocking a spammer won’t work!

What to Do

Your best tool against spam coming to your Shentel inbox is the Mark as Spam function. This is not easy to find! Let me run through some steps on how to find this:

  • Visit the Shentel Webmail site and sign in with your email credentials
  • Identify any spam messages in your inbox, and check the box(es) to the left of each one
  • Above and to the right of your inbox email, click More and then click Mark as Spam
Shentel/Mail2World’s 2024 Spam Problem

Using this feature removes the spam from the inbox and also sends a message back to Mail2World (and their anti-spam vendor) that these types of messages are spam. It should eventually help them block more spam, which benefits everyone.

Other Problems with Shentel Spam

The Shentel Spam Filter is misfiring in other ways, right now.

Some users are reporting that good email is winding up in the Spam folder. If you feel you are missing any expected message, you’ll want to check your Spam folder. As described above, it is best if you visit the Shentel Webmail page, and then click the Spam folder in the left-hand column. If you find a trustworthy message in Spam, check the box next to it, click the More menu and then click Not Spam.

Also, you may begin seeing some other cryptic emails in your Inbox or Spam folder like these:

I don’t think these messages are spam or harmful in nature. They may be intended for Mail2World and their anti-spam software team, but are being misdelivered to us end-users. Don’t worry about them, and just delete them if you feel any kind of way about them.

Taking It to the Next Level

If we wait this out long enough, the hope is that Mail2World will figure things out, kick their spam filter into gear, and things will go back to … normal. A normal amount of spam, reliable email coming and going, etc.

But what if that doesn’t happen? What if this problem persists for much longer, or how about if new problems emerge as this one resolves? Mail2World doesn’t have the best track record and I am not prepared to assure you of their capabilities.

If you can’t abide anymore, then your next option would be to create a new email address. Gmail,, ProtonMail and a variety of other email offerings exist. You can create a new address with them at the drop of a hat, and for free.

I realize that concept is intimidating. Switching your email address, in some ways, is more of a labor than changing your mailing address. Not only are you faced with notifying all of your friends and family, but you must reach out to companies with the new email info. And then you get to log into all of your important websites, one by one, to convince each to update your email info.

But consider this: Changing your email address doesn’t have to be accomplished all in one weekend. You can create a new address and migrate things over to it at your pace. You can check two email addresses for as long as you want. Maybe you decide to keep and maintain both addresses?

Also, some email users create a new email address and forward their Shentel mail into it. This is a safeguard against people who “don’t get the memo” about your new address. And it can help with spam! For example, let’s say that you create a new Gmail, and route your Shentel mail into it. All inbound Shentel mail passes through their subpar junk filter, and then gets bounced over to Google. Then Gmail runs it all through their superlative spam filter, and the worthwhile messages arrive in your new Googly inbox.

2024 Facebook Outage

Update: Starting at around 12PM EST, many users are able to login and use Meta/Facebook products again. Here’s hoping the 2024 Facebook Outage is over. Whew, that wasn’t as bad as the 2021 Outage!

If you cannot access Facebook right now, it’s not you. It’s Facebook. Facebook is down, possibly for many people. I think this is big enough we’ll be referring to it as the 2024 Facebook Outage.

The outage began around 10AM EST on March 5, 2024. Users everywhere have been logged out of the Facebook website, the mobile app, Messenger and possibly more. Ah, now I see that Instagram is also down. I’m even having trouble loading the Meta Status page!

For now, it might be best if you sit tight, retry Facebook every now and then, and watch the news for more details as to when this outage has passed.

Outage websites, like DownDetector and DownForeveryoneOrJustMe, might show useful trends and comments about this outage. And a Wikipedia page for this event has already started to form.

So far, the only thing that Meta has said is “a technical issue” caused the difficulty. While more details would be appreciated, this might be the most explanation we’re going to get.

2024 facebook outage

The Girl Scout Cookie Scam

There’s always another scam just around the corner. And with these jokers in Scamdinavia, nothing is sacred. Please watch out for the Girl Scout Cookie Scam, circulating on Facebook and possibly other social media.

The Scam

You might already know this scam, but it’s still worth broadcasting. Because the Girl Scout brand is so endearing and trustworthy, some people are getting fooled by this nonsense. Check out these examples of the scam I’ve collected from Facebook:

Let me be clear: These posts are not legitimate, not endorsed by The Girl Scouts of America and not created by anyone in this country. People in Kenya or Pakistan have created sock puppet accounts on Facebook, stolen a bunch of photos with kids and cookies in them, and are simply posing and fishing for quick money.

Anyone who messages these schemers will be asked to pay for their cookies using Paypay, Venmo, CashApp, etc.. The poster collects the money and pretends to take down the address, and asks the victim to wait a couple of weeks for delivery. When the delivery day passes and no cookies arrive, the crook will be long gone.

What’s Scammy and What’s Legit?

Once you know what to look for, it’s easy to get your Girl Scout Cookies from a safe source. Here’s what to look out for:

  • A legitimate Girl Scout Cookie post will offer specific details, like:
    • A URL to the Cookie Finder, or a personalized website for ordering, beginning with “”
    • The time and location where the kiddos will be setting up to sell their cookies in-person
    • A variety of payment options, and no sense or urgency (pay when the cookies arrive)
  • A scam post will seem fishy, if you take notice:
    • the child’s name or troop is not mentioned
    • the cookie prices are wrong or too low
    • the posting account is no one you know and you have no mutual Facebook friends with them
    • the post has commenting turned off

If you see a scam post on Facebook, report it to the group’s admin or moderator. You can report it to Facebook, too, but they are unlikely to do anything.

For more info on how to get these delicious cookies, check out the Girls Scouts Cookie Program website.

Duct Cleaning Scams v2.0

If you aren’t familiar with the duct cleaning scams that abound on Facebook, I recommend you first check out my 2021 post on this matter. Once you’re up to speed on the basics, it’s time to discuss the new-and-improved duct cleaning scams. Duct Cleaning Scams v2.0 are beginning to spread throughout Facebook. Don’t fall for them and be ready to report them.


Duct cleaning scams are the same as before: People located in Pakistan are posting in American Facebook Groups, trying to sell duct cleaning services.

They use sock puppet accounts that make them look American. Posing as “local companies”, they are really just looking to schedule appointments, which they then resell to unlicensed people near you. The folks in Pakistan collect referral fees for each job s/he schedules. The people in America get suspicious cleaners at their door. Whoever arrives to clean ducts is not connected to any real company, and may overcharge for their service or commit other crimes.

But they’ve upped their game for 2024. The scammers are trying to appear more professional now. Their latest posts show a classy flyer with pricing, a business card, and a real website.

The wording of their posts is much improved, too. Gone are the copy-and-paste phrases that we rolled our eyes at, like “Believe our Work not Words!” Now they present more detailed and personalized posts that closely resemble everyday small businesses in our country.

Their sock puppet accounts are looking better, too. They’ve got dozens of them now, all sporting American names and stolen photos. They’re using the accounts to click Like on each other’s posts and photos, which makes them look active and more legitimate.

Same Tells and Giveaways

I am sure this is still a scam. First, I chat with these people. It’s the same ol’ schtick with them, but I still like to get proof when I can. I ask them where they’re from (Washington!) and then I send them a link to my address. (Oops, that wasn’t a link to my address, it tells me the location of the clicker:)

Karachi isn’t in Washington, good sir.

But there are other hints. Sometimes, I click the poster’s name to view their Facebook profile. And it catches my eye when their profile name doesn’t match with the name hiding in their Facebook URL:

I’ve tried calling some of their numbers (Houston TX area code, probably purchased through Ring Central), and no one ever picks up. But they answer texts and Facebook messages immediately. And they block me quickly, if I mention their home country:

And then there’s their website. The Titan website looks fine, but the devil is in the details. Looking up the domain name, I can see it was registered just 2 months ago, through a Czechoslovakian company. And while the images on the site looks crisp and pleasant, every single one of them tracks back to other, older, legitimate HVAC companies throughout the USA. Google Lens is really nice for doing a quick reverse image search, and it shows that these schemers just lifted their images from real duct cleaning websites.


  • If you recognize a duct cleaning scam, report it to Facebook, and then also report it to the admin of the group where it was posted. Facebook won’t do anything, but hopefully the group’s moderator will remove the post and/or block the sock puppet account.
  • Verify a service company’s identity with a simple phone call, or getting a referral from a true local. Make sure they have a contact number and address that makes sense for your location. Avoid contracting with any service provider that insists on texts or private messaging only.
  • If someone claims they have a license with the local county or NADCA, get that license number from them and check it out! Scammers will boast about having all their licenses, but won’t give them when asked.

More Facebook Phishing

I never think I’ve seen it all. I’m sorry to report, there’s always another scam, just around the corner. Today, I’m seeing a new take on Facebook phishing, and this time, it’s targeting Facebook Business Pages. The scammers are creating fake profiles AND fake websites, and hoping to fool everyday folk like you and I.

The Scam

The scammers are watching and waiting for a legitimate business to post on Facebook. Specifically, they’re looking for giveaway-style posts, where the business is offering something to anyone who comments on or Likes the post. It’s easy for them: They’re just performing a word-search on Facebook posts for “giveaway” or something similar. And when they find what they want, they spring into action.

They quickly create a phishing website that resembles the target company. And they also create a Facebook page, using the name and photos from the real business profile. Then they start commenting to people on their original giveaway post:

more facebook phishing
That comment is not from the real Freeman Foods, it’s an impostor!

Unsuspecting people might see these comments and be fooled into thinking that it is a real comment from the legitimate business. But the comment and link is fraudulent. The URL in the comment leads to a bogus phishing website that asks for your PII. And victims of that fake site will suffer from spam, identity theft or worse.

The Tells

This scam may be obvious to some people, but I should point out how to recognize this as a phishing attempt:

  • The comment links to a strange URL, containing “myfreesites”, “googlesites”, “” and not the real URL for the business. These other URLs are using platforms that let anyone create a website, on the fly, for free!
  • The English is a little off, because the scammer is certainly in another country. They could be in Scamdinavia or Carjackistan, but they hide this and pretend to be in the USA.
  • If you click through to the commenter’s page, you can see that it was created very recently and has very few Likes/followers. The legitimate business page would have many Likes and have been created far in the past.
The real Freemans Foods has thousands of followers and created their FB page in 2013.

Reporting the Issue

If you are the real business owner, and the scammer is commenting on your posts, click on the impostor’s name and use the 3-dots button on their profile to report them to Facebook. Then, return to your posts where their comments are, and report those as well. When reporting the comments, look for additional options to Block or Ban them from your Page.

If you are a regular Facebook user, and you see this type of phishing, feel free to report the scammer’s Page and comments to Facebook. The more reports they get, the quicker they may shoot down the impostors.

And if you want to go the extra mile, you can report the phishing website (URL) mentioned in the comments. This can help Google, Microsoft and other big tech in noticing and flagging that website, and it may lead to the site being removed from the internet:

« Older posts

© 2024 BlueScreen Computer

Theme by Anders NorenUp ↑