BBB Logo

Better Business Bureau ®
Start With Trust®
Northern Indiana
Scam Alert: Phishing emails using personal information from Facebook to send personalized spam
January 31, 2013

AUSTIN, Texas — Jan. 31, 2013 — Check your privacy settings on your social media accounts, Better Business Bureau warns. Scammers are using the personal data shared through Facebook, Google+ and LinkedIn to pose as your friends in personalized, fraudulent emails.

How the Scam Works:

You receive an email that appears to be from a friend or family member. The message addresses you by name, but the content is strange. Usually, it’s just a link to a website. If you click on it, you could end up downloading malware on to your computer.

Scammers find your information through your social media accounts and then exploit the fact that you’re more likely to click on a link sent by a friend. Some scammers set up fake accounts and send out friend requests to gain access to your personal information. Others rely on social media users not locking down their privacy settings, so their basic information, such as their name, email address and friends' names, can be seen by the public.

To protect your personal information shared on social media:

  • Review your security settings. Check your privacy setting on all your social media accounts to ensure you aren't sharing personal information with strangers.

  • Be cautious of accepting friend requests from unknown people. This could be a scammer’s attempt to gain access to your personal information.

  • Don’t overshare. Limit what personal information you share on your social media pages and avoid posting any personal information that could potentially be used fraudulently, such as your email address, phone number and address.
  • Report scam profiles or suspicious activity. Some social sites, such as Facebook, have instructions on how to report fake accounts or accounts that violate the terms of the site.
  • Consider enabling login notifications. This security feature will send you an alert every time your account is accessed from a new device.

  • Protect your information when using public Wi-Fi. Before using public Wi-Fi to access your Facebook account, text “otp” to 32665 to receive a temporary password to log in to your account.

If you receive a suspicious email:

  • Don't click on strange links. Even if the email came from a trusted friend or family member, do not click on any link in an email that might seem suspicious. If you have any reservations, notify the person who sent you the email to confirm what they sent and if they really sent the message.

  • Check the email address of the sender. Even though a friend's name is in the "from" field, spam email won’t always be sent from his or her email address.

  • Protect your computer. Keep your anti-virus software up to date. If you click on a link, be sure to run a virus scan on your computer right away.