Javascript is not enabled.

Javascript must be enabled to use this site. Please enable Javascript in your browser and try again.

Skip to content
Content starts here
CLOSE ×
Search
Leaving AARP.org Website

You are now leaving AARP.org and going to a website that is not operated by AARP. A different privacy policy and terms of service will apply.

How to Spot Impostors on Facebook Messenger and Instagram

Your real friends may be fake on social media


spinner image person looks at phone with a scam alert on it
Getty Images

 

Messaging apps are a great way to keep up with friends and family, but they can also be a method for scammers to defraud you.

This happened to me recently, and it’s typical of how scammers operate. I got a note over Facebook Messenger that appeared to be from a friend, right down to the name and photo. So I had no reason to question it — at first.

“Hey Marc, how are ya?”

“I’m well, thanks. You?” I replied.

“Good, thanks. In fact, really good. Did you hear about the money I received from the International Financial Corporation Grant?”

Because this was the first time I had seen such a message, my response was sincere: “Wow, that’s great, congrats!” I figured it was something tied to my friend’s work as an educator who publishes reports on teaching techniques for those with special needs.

But my Spidey sense started tingling with what came next. “You should apply, too, as they’re granting a lot of money, but only until the end of the month. Let me send you a link about it.”

At that point I knew it was a scam. I blocked the person, reported the incident to Facebook and sent a text to my friend to let him know his account was compromised.

spinner image cartoon of a woman holding a megaphone

Have you seen this scam?

  • Call the AARP Fraud Watch Network Helpline at 877-908-3360 or report it with the AARP Scam Tracking Map.  
  • Get Watchdog Alerts for tips on avoiding such scams.

Keep your guard up

Although the pitch may vary, always be suspicious when someone you know or think you know asks for something, often with a sense of urgency.

“Unfortunately, impostor scams are all too common, and we see older demographics targeted more frequently,” says Sachin Puri, vice president of marketing at cybersecurity firm McAfee. “In these cases, a hacker impersonates a family member to avoid the appearance of fraud; creates a fake, time-sensitive reason to need money, such as being in an accident; and asks the target for something of value.”

You also may find that swindlers will try to get you to leave Facebook Messenger, to avoid being tracked, and request that you continue the conversation over email. These schemes may be similar to so-called grandparent scams, by which con artists exploit grandparents’ love by pretending to be grandchildren in need of emergency cash. The messaging features on Facebook and Instagram, both owned by parent company Meta, have been able to work between the apps in addition to within each app since September 2020.

“Hackers have set up shop on social media as more people move toward social media sites like Instagram and Facebook,” Puri says. “Criminals are using social media to gather personal information and build profiles of potential victims they can target.”

How to avoid impostors

You don’t have to delete Facebook, Instagram and other social media sites or unplug your computer to stay safe. Being aware of these scams and other related fraudulent attempts is half the battle.

“Social media scams are incredibly common and wide-ranging. Scammers will try everything from impersonating fake charities, quizzes or games, coupons, prizes or even job offers, and so it’s critical to know how to spot them,” Puri says.

Just say no to strangers who send you friend requests. Closely inspect emails, messages and texts for signs of phishing. And check your credit reports regularly for suspicious activity.

9 pro tips for avoiding online deception

1. Never accept an invitation from someone you don’t recognize — or, worse, from just “Facebook User” — without a photo.

2. Be suspicious of messages on Facebook Messenger or Instagram, especially when they veer into areas where you are directed to take action or divulge personal information. This holds true even if you recognize the person or have talked in the past on social media platforms. If you aren’t sure who’s doing the typing, contact your real friend in another fashion (a phone call, email or text message) to confirm he or she sent the information. Chances are good that an unusual message is fake.

3. Block the person who sent you the message, and report the incident to Facebook right away from within Messenger. On the app, tap the profile photo, scroll down, and tap Block. Then tap Report to report the issue. On the desktop version, tap the Options icon (three dots), then tap Blocking in the left rail, then Edit, next to Block message. You can also send a message to Facebook at phish@fb.com.

4. Use common sense. Never pay for something that you know, or are being told, is free. If you must pay something to receive a grant, a gift or anything similar, it’s a scam. Fake lotteries, loans and requests for charitable donations are other pitches you may receive from your “friends.”

5. Watch out for distress schemes or grandparent scams, in which you get a message or a phone call that appears to be from a relative saying the loved one needs money because of a situation they got into. When in doubt, contact the person you know outside of social media.

6. Be suspicious of attachments, whether they are sent over Facebook Messenger or in an email or text. They may contain malware. Be equally cautious with links to a website. If you accidentally click and land on a page that is supposed to look like Facebook — it may have a similar blue logo and familiar layout — you’ll see that the name of the website in the link at the top of the page is different.

7. Don’t think you can spot scams because of misspellings, awkward phrasing or bad grammar. Those used to be clues to fraud, but con artists are getting increasingly sophisticated. Some friend requests are from artificial intelligence bots, which can be difficult to detect.

8. Change your password often. Many of us are guilty of not regularly changing passwords or of using the same password for most or all online activity. While it’s less convenient, also enable two-factor authentication. That way, you’ll need not only your password to log in to Facebook or Instagram but also a onetime code sent to your mobile device to confirm that it’s really you.

9. Enable automatic updates so the operating systems on your desktop, laptop, smartphone and tablet are updated whenever software patches to vulnerabilities are released. On a related note, be sure to use software to protect against computer viruses and keep it up to date.  

“Learning what these social media scams look like, understanding why scammers are moving toward social media and following steps to prevent scams ... are strong ways to prevent being scammed online,” he says.

Unlock Access to AARP Members Edition

Join AARP to Continue

Already a Member?