The Latest Social Media Scam: Cross-Platform Messaging Poses New Risks

5 minute read

Cyber criminals have leveraged social media for years to conduct social engineering campaigns to steal identities and information alike. Social media scams are nothing new. In fact, we’ve seen a correlation between scam activity and the ongoing pandemic in recent months. As these platforms have innovated and expanded their capabilities, so too have those actors. ZeroFox uncovered one such example using Facebook’s new messenger features. In September of 2020, Facebook rolled out a new feature that allows Instagram accounts to direct message Facebook users via Facebook Messenger. Now, in February of 2021, ZeroFox has discovered a group of Nigerian criminals that are leveraging the cross-platform messaging capabilities built into Facebook Messenger to enable a new wrinkle in traditional direct messaging scams.

Anatomy of the Social Media Scam

The scam involves a cross-platform network of accounts and messages created and sent through both Instagram and Facebook. The scammers begin by creating an impersonating account on Instagram, leveraging details found on Facebook pages, that share their connections publicly. The new account will leverage a username as similar to the Facebook display name as possible and steal the actual profile picture of the Facebook page they are targeting. 

Once that new Instagram account is set up, they will use the public list of the victim’s Facebook friends to start sending direct Facebook Messenger messages to those contacts from the new fraudulent Instagram account. 

Fictional example of a targeted user’s legitimate Facebook account.

Fictional example of an impersonating Instagram account targeting the Facebook user

Example of a message received in Facebook Messenger, from the impersonating Instagram account, with the same profile image and display name as the legitimate Facebook account. 

Value to the Scammer

Messages are sent from the fake Instagram account and appear to the recipient as legitimate Facebook direct messages from one of their friends, greatly increasing the credibility of the message. Social media users are more vulnerable to these types of scams as they are more likely to interact with the message sender who they may believe is a close friend or even family member. While impersonated direct messages are not new, the scammers leveraging the cross-platform messaging feature is a novel variation on this type of scam. 

Leveraging the cross-platform messages enables the scammer to remain undetected. Since the malicious actors do not need to compromise the target’s Facebook account, they may not be aware of the impersonation unless contacted by a friend that received the scam message. Currently, this technique only appears to be conducting scams with Facebook users’ close contacts.

Current Campaign

The current observed campaign is leveraging COVID-19 aid as the lure for interaction. Specifically, the messages claim to offer funds from a “Contingency Fund for Emergencies (CFE)” relating to COVID-19. The scammer claims that they are receiving a large financial grant and other services as part of a COVID-19 fund and suggests the recipient also apply for the funds. The scammer provides a phone number where the message recipient can contact an agent to apply for the funds. When prompted, the scammer also provided a Gmail address where the supposed agent could also be contacted. 

Actual scam message claiming the sender received a large sum of money and other benefits from a fake COVID-19 fund.

The observed campaign is being carried out by at least one Nigerian scam group. A phone number associated with the fake Instagram accounts has a ‘+234’ country code belonging to Nigeria. Additionally, during conversations with the impersonating account, the scammer admitted to being from Lagos, Nigeria, and used a colloquial Yoruba word associated with West Africa and Nigeria.  

Avoiding the Cross-Platform Social Media Scam

The most direct way to avoid this type of scam is to go into the Facebook Messenger settings and disable the ability to chat across platforms. There is also a less restrictive privacy setting that limits the ability to DM to only connections and followers on Facebook and Instagram respectively. 

Beyond these privacy controls, always remain vigilant to who is sending you a direct message. The Instagram accounts associated with this scam thus far tend to be new and do not have significant activity associated with them. Beyond those signs, remember, if a message seems too good to be true, odds are, it is.

Additional Resources

Learn more about how you can protect your brand, social media accounts and yourself across networks with these resources:

See ZeroFox in action