Facebook Small Business Grant Scam Leads to Identity Theft
A new Facebook grant scam is circulating in an attempt to steal sensitive information used to commit identity theft. The scam uses an imposter news post to lure Facebook users with the promise of free money for people impacted by COVID-19.
Although there is a real Facebook grant program, this scam is not part of the real scam and it’s not for individuals. The cybercriminals behind this scheme want you to think the social media platform is handing out cash to anyone who applies. That’s not the case.
The legitimate Facebook Grant Program is a $100 million program designated for small businesses hurt by the COVID-19 pandemic. When approved, eligible businesses can receive a grant for $3,300, announced Facebook.
This Facebook Grant scam was spotted by cyber security researchers at Kaspersky.
How the Facebook Grant Scam Works
Scammers spread the scam via direct messages and posts on hacked accounts. The message contains a fake news post supposedly from CNBC. The news post looks very similar to a post from the legitimate CNBC Facebook page.
CNBC did write about the grant program. The scammers have created a post that looks similar but contains grammar errors. Something that is common in online scams.
Free Money is a Strong Lure
The fake CNBC post contains a link to a website that spoofs a Facebook domain name. The fake website has no connection to Facebook or any legitimate grant process.
If a user is tricked by the Fake post,, they are directed to a spoofed web page. The scam landing page is designed to look like the Mercy Corps site. Mercy Corp is a charity that renders aid to victims of natural disasters and armed conflicts.
After the victim clicks over to the fake charity website, they are prompted to enter their Facebook username and password.
If they do enter their Facebook login credentials, that information is harvested by the hackers.
They will use it to create more posts and send more direct messages to the victim’s Facebook friends so they can ensnare more victims.
Next Facebook grant scam victims are then informed they must “verify” their personal information before accepting the money.
Applicants are asked to enter their address, Social Security number (for U.S. citizens), and a photo of both sides of their government identification. All fields are required.
Of course none of this personal data will be used to send people grant funds. It will be used to steal money and your identity.
The sensitive data and photo ID can get a scammer into many online accounts. People often post the answers to common password reset questions on social media. Your pet’s names, hometown, and parent’s names are all common passwords and reset hints.
Legit Facebook Grant Program
The legitimate Facebook Grant program is for businesses only..Facebook is awarding money to 30,000 small businesses harmed by COVID-19. They must be in a country that Facebook operates in and have been in businesses for over one year. There are other qualifications too.
The company also has a Business Resource Hub with tips on how to get back back to business during the pandemic.
How to Spot a Facebook Scam
Many online scams including phishing emails, spoof websites, and the scams contain spelling and grammar errors. They also contain links to websites closely named for legitimate websites in hopes of tricking users who are not reading carefully.
A reliable security app can help detect and block harmful sites.
- Look for spelling mistakes and grammar errors. English is often a second language for many hackers and scammers. Spelling errors are often a sign of an online scam.
- Carefully examine any URL before you click on it. Then check it again. Scammers by website domains that are closely named for legitimate websites to trick readers.
- If an offer seems like it’s too good to be true, it probably is
- Remember that direct messages and social posts can be from a bot, a hacked account, or an imposter account.
- Be suspicious of direct messages from Facebook friends that offer money or free products
- Never pay money to get a government grant
- Check the sponsoring organization’s website for their grant application and social programs
Report scam accounts and direct messages to Facebook and Instagram