New Scam Hijacks Facebook Accounts to Steal Money from Friends

New Facebook scam starts with innocent friend message

A new Facebook scam starts with a simple message—like "How are you?"—but ends with stolen accounts, fake offers, and drained wallets. | ©Image Credit: Tranmautritam/Pexels

Beware: A sinister new scam is sweeping across Facebook, turning trusted friends into unwitting accomplices in a plot to steal your money. It all begins with a seemingly innocent message from someone you know, lulling you into a false sense of security before revealing a cunning trap designed to drain your finances. This rapidly spreading threat preys on trust and familiarity, demonstrating just how easily your social circle can become the gateway for sophisticated cyber theft. Could your next message from a friend be a wolf in sheep’s clothing?

How the ‘How Are You’ Facebook Scam Works

This impersonation scam is currently compromising over 200 million individuals, leveraging hijacked Facebook accounts to ensnare unsuspecting victims. The insidious fraud typically begins with a seemingly innocuous message, often a simple “How are you doing today?” While it appears to originate from a familiar friend or relative, the sender is, in fact, a cybercriminal who has seized control of their digital identity.

Once in control, the fraudster uses the stolen identity to send messages to the victim’s contacts, offering what appear to be irresistible deals—think government grants, hot tubs at deep discounts, or even trucks up for grabs. These offers are anything but genuine.

Cybersecurity experts warn that the use of real names, profile photos, and friend lists makes the ruse feel authentic. Many victims don’t realize they’ve been targeted until money is already lost.

Often, the scam kicks off with a phishing message claiming the user’s account has been compromised, urging them to reset their password via a link. That link, however, leads to a fake site designed to steal login credentials. Once scammers are inside, they ramp up the deception.

A popular ploy involves offering a bogus $150,000 government grant—if the victim first pays a $2,500 “processing fee.” Some perpetrators further legitimize their schemes by creating elaborate fake product listings, complete with staged photographs of cash piles or packaged boxes.

Cybersecurity advisor Claudiu Popa highlights the psychological manipulation at play, noting, “Users are told the offer is real and time-sensitive. They are pressured to act quickly and trust the person messaging them.”

This tactic masterfully combines urgency, fabricated visual evidence, and emotional language to manipulate targets into compliance. Should a victim express skepticism regarding an offer, the scammers swiftly sever communication, blocking the individual and deleting all incriminating chat history.

Real Encounters with the ‘How Are You’ Facebook Scam

In one recent case reported by Fox News, a retired tech worker named Jim found himself on the verge of losing thousands after receiving a message from a Facebook friend about a supposed grant opportunity from a group called “Global Empowerment.” The message claimed the friend had already received her payout and encouraged Jim to contact an agent named David Kelvin.

The agent wasted no time. He told Jim he qualified for a $150,000 grant—but only if he first paid a $2,500 processing fee. To make the scam more convincing, the agent even sent a photo of a FedEx box allegedly packed with cash. But when Jim hesitated, the conversation mysteriously disappeared. The scammer had deleted the chat.

Jim later recalled that something didn’t sit right. “That’s when I started to doubt the story,” he said, pointing to subtle red flags like odd phrasing and grammatical errors—particularly the use of words like “informations.”

Another victim, Lesa Lowery from New Brunswick, fell into a similar trap—but this one started with an email that looked like it came straight from Facebook security. The message warned her of suspicious activity and urged her to reset her password. Trusting it, Lesa entered both her old and new credentials—accidentally handing full access to scammers. While she could still view public parts of her profile, she was completely locked out of her private messages and control over the account.

“I just felt helpless,” she told CBC’s Go Public. “I literally sat there and cried.”

Facebook’s Growing Security Gaps Are Fueling the Scam Surge

Experts say Facebook’s ongoing security issues are helping scammers thrive. Past data breaches have left millions of users exposed—and opened the door for more sophisticated attacks. Just last year, hackers infiltrated YX International, a third-party vendor Facebook uses to send login verification texts. The breach reportedly impacted around 50 million users.

That same month, another major incident surfaced: over 200,000 user records from Facebook Marketplace were leaked and shared on a hacker forum, according to cyber news outlet HackRead. The exposed data included personal details, making it easier for scammers to tailor their schemes.

To make matters worse, cybersecurity researchers have found that phishing kits like RaccoonO365 are now being sold as easy-to-use services. These tools can steal login credentials and even bypass two-factor authentication, once considered a strong safeguard for online accounts.

Two-factor authentication works by requiring a second step—usually a code sent to a user’s phone or email—to confirm identity during login. But with advanced phishing kits in circulation, even this extra layer of protection isn’t foolproof anymore.

How to Protect Yourself from Facebook Scams

With scams growing more convincing by the day, cybersecurity experts urge users to take proactive steps to protect their accounts and personal information. Their top advice? Start with the basics: always use strong, unique passwords for each online account and enable two-factor authentication to add an extra layer of security.

Be cautious when it comes to unsolicited emails or messages—even if they appear to come from friends, government agencies, or familiar platforms like Facebook. Never click on links or share personal details unless you’re certain the source is legitimate.

Experts also recommend installing trusted antivirus software, keeping an eye on your identity through monitoring services, and even going a step further by removing your details from people search and data broker websites.

Also, remember the clear guidance from the Federal Trade Commission: no legitimate government grant program will ever ask you to pay a fee to receive money. And if someone claiming to represent Facebook or the FTC asks for your password, login code, or any kind of payment—it’s a scam, plain and simple.

Sources: The Daily Mail, Fox News, CBC