3 Facebook Scams You Need to Watch Out for This Christmas

Philip Bates 30-11-2016

‘Tis the season to be jolly, but Facebook is a serious threat to your enjoyment of the festivities.


No, we’re not moaning about how the social network gobbles up time or depresses you by showing you how well everyone else is getting on. Instead, you should be concerned about how cybercriminals are using Facebook in order to scam you — and, in two cases, are even making you complicit in the crime!

1. Secret Sister Scam

What seems like the latest festive fad is actually festive fraud.

The “Secret Sister” probably finds its origin with Secret Santa. You give $10 for one gift, and receive between six and 36 in return. What could possibly go wrong?

Well, quite a bit actually. The old rule — “if it sounds too good to be true, it probably is” — is especially relevant here. The wording of the post varies, but it generally states that “ladies of any age” can give $10 or more to donate a present, and then get at least six times their item in return, as part of a “Secret Sister pre-holiday gift exchange.” Christmas can be a stressful time, so getting a random batch of stocking fillers might seem like a great idea.

Sure enough, you can give $10… but you won’t get anything back. If this all sounds familiar, it’s because a similar strategy hit Facebook last year, and before that, pyramid schemes have been conning people for decades.


Aside from damaging your bank account, the hoax could have serious consequences — as it’s technically illegal, depending on your province. A representative from the Cookeville Police Department explains:

The gift exchange is a modern version of the chain letter scheme and is illegal. Chain letters are essentially forms of gambling and sending it through the mail violates Title 18, United States Code, Section 1302, the Postal Lottery Statute.

Starting out in the United States, it’s quickly spread across the globe. It wouldn’t be a surprise to find iterations of it on different social media services like WhatsApp.

What can you do? Facebook does know about the scam, so if you spot it on your newsfeed, report it. All you have to do is click on the downward arrow in the top right-hand corner of the post, then click Report Post — from there, select your reason, and follow the instructions.


And the only other advice is obvious: do not send any money!

2. Malicious Messenger Extension

Most of us trust a link or attachment sent from a friend or family member, but a recent scam plays on this false sense of security.

The scam entails an infected account sending a photo saved as a Scalable Vector Graphics (SVG) image: this XML-based image and animation format has been in development since 1999, and is supported by all major browsers. Clicking on the photo (which doesn’t display a preview) redirects you to a fake YouTube page, and further informs you that you can’t watch the video without an extension for Google Chrome.

SVG Spelled in Coffee Foam
Image Credit: Yuko Honda via Flickr


Once you download that extension, it quietly sits in the background, consuming your data, including but certainly not limited to: your usernames, passwords, online banking details, emails, websites you frequent, and any other Personally Identifiable Information (PII). It may also present fake versions of PayPal, Amazon, or other services that require payment details.

It also piggy-backs on your Facebook account and sends the SVG file to all your contacts. Needless to say, it spread throughout the network incredibly fast, so it’s no surprise if you have already seen this scam.

Facebook has addressed the issue, filtering SVG files, and the malicious extension has been removed from the Google Store, so, in theory, the problem has been fixed.

Oh, But It’s Ransomware!

Except this is actually a variation of the Locky ransomware which plagued the internet earlier this year. It typically locks your computer (hence the colloquialism), encrypts all your files, and demands payment through Bitcoin. Victims really are held to ransom as there’s no free decryption software. Your other option is to completely wipe your hard drive, and lose all your files.


Thus, Locky is a form of malware that can’t easily be defeated, having reared its ugly head in May and June 2016. It came back via the Nemucod malware downloader, disguised as an SVG image, and was only noticed again this month. It would be naïve to think cybercriminals won’t find a way around the efforts of Facebook and Google.

Facebook Cyber Criminals
Image Credit: Christopher via Flickr

What can you do? First of all, do not click on SVG files. This scam fortunately stood out because it wasn’t accompanied by any text — no personalized message, nothing frivolous. That should alert you that something’s wrong. Contact whoever is supposed to have sent it, and alert them that their account is likely infected. This shouldn’t really be a problem anymore, but we expect Locky to morph into another form imminently.

If you’re worried that you’ve already fallen victim, you can uninstall the extension by clicking Menu > More Tools > Extensions, then locate the fraudulent extension and select Remove from Chrome.

It’s not just Facebook either: reports of images infected with malware have come in from LinkedIn, so trust your instincts. If something doesn’t feel right, don’t click it.

3. The Blessing Loom

Here’s another example of the evolution of hoaxes.

You get an invitation to a messenger app — it might be Facebook Messenger or more often than not, WhatsApp. You’re shown a loom, with one name right at the center, then further names branching out. The first person recruits two others. Each of them recruits two more. And this goes on, and on.


A place in the loom will generally only cost you $100. That money, paid into a PayPal account, goes to the person in the middle of the loom. Once you recruit two more people, you get $800. Lovely. You advance a level when all the places have been filled.

However, you actually don’t receive a single cent. Different looms offer different payments, so you might lose $25, $50, or $100; so-called rewards are typically 8 times the amount you put in. Attorney General Bill Schuette says:

[I]f a program begins with one person who recruits two people, each one of whom recruits two more people, and so on, in only 28 levels practically the entire population of the United States — every man, woman, and child — would be involved.

In fact, he says that 268,435,455 participants would have to be involved on the 28th level.

If this feels related to the Secret Sister scam, that’s because they’re both the latest versions of pyramid schemes, an unsustainable business plan which ultimately ends in heartbreak. This, too, is viewed as a criminal offence, depending on where you live.

What can you do? Don’t take part in such a scheme. You will lose out. Facebook and PayPal both have policies against pyramid schemes, so again, it’s worth reporting the post. Nonetheless, search Facebook for the Blessing Loom, and too many results will come up.

If someone invites you to a different messenger, refuse. And don’t forget to warn your friends: the only way to beat these scams is by spreading the word.

Have You Spotted Any Other Scams?

However tempting these posts seem, don’t fall for them.

Remember that these are just the latest in a long, long line of Facebook scams. They’re always evolving, so abide by some basic security measures, like not taking conversations to different platforms, and definitely not sending any money. Don’t download anything or click on a link from someone you don’t trust. And even if you do trust them, stay skeptical.

Keep a level head this Christmas.

Have you fallen foul of any scams on Facebook? Do you have any further advice to offer?

Image Credits: Anton Watman/Shutterstock
