Facebook scams in 2026: How to spot and avoid them

What are Facebook scams?

Facebook scams are malicious schemes that exploit users through posts, comments, ads, direct messages (DMs), and listings on Marketplace. These scams vary in severity — from deceptive giveaways that harvest engagement to account cloning schemes that can result in identity theft and financial loss.

Most common types of Facebook scams

Facebook scams take many forms, but they generally fall into categories based on the platform feature they exploit or the bait they use. Protect yourself by learning to recognize these common types of Facebook fraud.

• 1. Facebook Marketplace scams

• 2. Facebook Messenger scams

• 3. Romance and dating scams

• 4. Fake giveaway and prize scams

• 5. Phishing scams

• 6. Investment and financial scams

• 7. Clickbait and malware scams

• 8. Charity and fundraiser scams

• 9. Job and employment scams

• 10. Quiz and survey scams

• 11. Modeling and talent scout scams

• 12. Ticket and event scams

• 13. Coupon code scams

• 14. Inheritance scams

1. Facebook Marketplace scams

Facebook Marketplace connects buyers and sellers directly. This setup makes it a popular target for scammers looking to make a quick buck.

These online shopping scams affect both buyers and sellers, so always vet the other party to protect yourself. Watch for underpriced luxury items and requests for personal information.

Fake listings and counterfeit goods

Facebook scammers use fake listings to advertise products they don’t own or to sell counterfeit goods. They often steal photos from other websites and list items at significantly reduced prices. Once you send the payment, the item never arrives, or you receive a cheap knock-off. 

Signs of a fake listing:

• The asking price is well below market value.

• The seller uses generic images rather than unique photos of the actual item.

• The seller refuses to meet in person or provide a video of the product.

• The seller’s account has little to no history.

Overpayment scams

Overpayment scams target sellers. A fraudulent buyer contacts you and claims to have sent a payment larger than the agreed price. They say it was an accident and ask you to refund the difference.

The original payment usually comes from a stolen credit card or a fake check. When the bank eventually reverses the transaction, you lose both the item and the money you sent.

Off-platform payment scams

Facebook’s purchase protection only applies to transactions made through on-site checkout. In off-platform payment scams, the other party pressures you to pay outside the platform through peer-to-peer payment apps like Zelle. If you go along with this request, scammers may send forged payment confirmation screenshots or claim a transfer is pending until you provide a tracking number.

Fraudsters prefer off-site payments for specific Cash App scams and Venmo scams because personal transfers function like digital cash and lack buyer protection. If you send money to a fraudster this way, you can’t recover the funds.

Rental and apartment scams

Phony rentals are common on Facebook Marketplace. Scammers use misleading pictures or post properties that belong to someone else. They may also use bait-and-switch tactics where the advertised unit is unavailable, but a more expensive one is open.

You must research the listing to protect yourself. Reliable listings include the specific address and owner information. Always tour the property in person before paying any deposit.

Signs you’re dealing with a scammer:

• The landlord refuses to show you the property in person.

• They claim to be out of the country.

• They pressure you to pay a deposit immediately.

• The rent or asking price is significantly lower than that of similar properties in the area.

2. Facebook Messenger scams

Messenger is one of the main gateways through which Facebook scammers contact their targets. They can pretend to be long-lost friends, organization representatives, friends of your relatives, or even celebrities. They use Messenger to send you fraudulent offers or trick you into downloading malware.

Cloned account scams

You likely trust your friends more than strangers. That’s why scammers sometimes pose as your Facebook friends to try to convince you to give away your personal data or money.

To pull off such a masquerade, they duplicate your friend’s account details, including their name, profile picture, and recent posts. They then slide into your DMs to ask for money, fake an emergency, or urge you to click a malicious link.

It’s a cloned account scam if:

• You receive a friend request from someone you are already friends with.

• The supposed friend asks for money or gift cards out of the blue.

• The tone or vocabulary doesn't match your friend's usual style.

• They decline a Messenger call.

Video scams (“Is this you in this video?”)

If you’ve been using Facebook for a while, you’ve likely encountered messages with the text “Is this you in this video?” accompanied by a suspicious-looking link. If you refused to click the link and ignored the message, congratulations – you’ve successfully avoided the so-called “Is this you in this video?” scam.

In this social media scam, fraudsters rely on your curiosity to trick you into clicking a malicious link. Doing so often downloads malware, such as a trojan, to your device. In some cases, just clicking the link can also automatically forward the scam to your Facebook friends.

Friend impersonation scams

Friend impersonation scams share similarities with cloned account scams, but they involve a complete account takeover. Once inside, scammers exploit existing relationships by messaging the account owner’s friends to request money, gift cards, or personal information. Because the request comes from a legitimate account with conversation history rather than a duplicate profile, people often comply.

3. Romance and dating scams

Romance scams, also known as online dating scams, exploit emotional connection to steal money. Statistics show that 24% of Americans have been targeted by romance scams, which makes this type of scam one of the most prevalent, expensive, and hurtful types of online fraud.

Romance scammers create fake Facebook profiles using stolen photos and send charming messages to build a rapport with their targets. These schemes often unfold over weeks, months, or even years as the criminal does the nasty work to establish trust.

Once the scammer secures an emotional bond, they request money. Common reasons include needing funds for travel expenses, visa fees, or medical emergencies. After receiving the funds, the scammer disappears.

It’s almost 100% a romance scam if:

• A person you’ve never met in person professes love early in the relationship.

• They always have an excuse not to video chat or meet you in person.

• They ask for money or gift cards.

4. Fake giveaway and prize scams

Scammers often impersonate legitimate companies or lotteries using fake business pages. They reach users through DMs or public posts that invite them to enter contests to win cash or expensive goods like cars or merchandise. However, the prizes are never real.

Lottery scams

In lottery scams, you receive a notification claiming you won a sweepstakes you never entered. The scammer then demands an upfront payment for supposed taxes, processing fees, or customs duties before releasing the winnings. Legitimate lotteries never ask winners for a payment to receive their prize.

Fake contests

Fraudsters often copy the branding of major retailers (like Amazon or Tesla) to create legitimate-looking contest pages. They publish fake Facebook posts promising expensive prizes in exchange for likes, shares, and completing a survey.

While liking and sharing may seem harmless, these actions spread the scam to your Facebook friends. Additionally, the survey often redirects you to an external site designed to harvest your personal data — such as banking details or passwords — under the guise of shipping verification.

The giveaway is fake if:

• You won a contest you never entered.

• You must pay a fee to get the prize.

• The account running the contest lacks a verification badge.

5. Phishing scams

Phishing scams are social engineering attacks that target Facebook users both on and off the platform. In these schemes, criminals send deceptive messages designed to trick you into revealing sensitive information like your passwords or credit card numbers.

Fake 2FA code requests

Fake two-factor authentication (2FA) code requests exploit security features to hack your account. A scammer, often posing as Meta support or a friend whose account they already hacked, claims they accidentally sent a 2FA code to your phone.

In reality, they are trying to log in to your account, and that code is the final key they need. It’s important to identify and report phishing attempts to help the platform block the scammers and protect other users.

Fake Facebook emails

In fake email scams, criminals send messages that appear to come from Facebook’s security team. These emails often claim your account violated a policy or risks immediate deletion to induce panic. The goal is to trick you into clicking a phishing link that leads to a fake login page designed to steal your password.

If you are unsure whether the email is legit, use Facebook's verification tool:

1. 1.Click your profile picture in the top right.
2. 2.Select “Settings and privacy” > “Settings.”
3. 3.Go to “Accounts center” > “Password and security.”
4. 4.Select “Recent emails.”

The email is probably a phishing scam if:

• The message threatens immediate account deletion.

• The email is coming from a domain that isn’t fb.com, facebook.com, facebookmail.com, instagram.com, meta.com, or metamail.com.

• You used the platform’s verification tool and didn’t find the same email there.

6. Investment and financial scams

Facebook scammers also use ads, DMs, and comment sections to promote fake investment opportunities.

Cryptocurrency scams

Cryptocurrency scams on Facebook often rely on deceptive advertising. Fraudsters promote fake exchanges through ads or hijacked accounts, offering guaranteed high returns on investment.

They may even use deepfake videos of celebrities (like Elon Musk) endorsing the platform to build credibility. People deposit money into these fake websites, but when they attempt to withdraw their profits, the scammers lock the account and vanish.

Get-rich-quick schemes

Get-rich-quick schemes appeal to Facebook users looking for fast financial freedom rather than traditional employment. These scams often appear in group posts promising massive returns on small investments or access to “secret” money-making systems.

In practice, these offers are typically pyramid or Ponzi schemes — or fraudulent crypto opportunities. Scammers require you to invest money upfront to join a program or buy into a system. Once you pay, you receive little to no value, and the promised earnings never materialize.

7. Clickbait and malware scams

Clickbait and malware scams trick users by exploiting their curiosity. While legitimate businesses (like news agencies and online vendors) use sensational headlines to drive traffic, scammers use them to distribute malware.

Malicious clickbait posts on Facebook typically promise to reveal secrets — from government conspiracies to celebrity scandals — if you click the link. However, doing so redirects you to malicious websites that can infect your device with malware and steal your personal information.

Like-farming scams

Like-farming scams are designed to inflate engagement numbers artificially. Scammers post emotional, shocking, or heartwarming content to gather thousands of likes and shares. Once the page builds a large audience, the scammers edit the original posts to display malicious links or sell the page to other criminals for use in fraud.

Malicious links and downloads

Malicious links and downloads often disguise themselves behind sensational clickbait. Posts with headlines like “You won't believe what happened next” frequently lead to external websites infested with malware. 

Once you click, the site may claim you need a video player update to view the content. In reality, this download is a virus or ransomware.

You are better off not opening the page if:

• The headline is overly scandalous or enticing.

• The link redirects you to an unfamiliar URL.

• The site requests a download or plugin installation to view content.

8. Charity and fundraiser scams

Charity and fundraiser scams exploit people’s benevolence, often surging after major disasters like hurricanes or earthquakes. Scammers use emotional stories and stolen photos to create fake campaigns for medical bills or relief efforts. 

They may create fake GoFundMe campaigns or duplicate websites that mimic real charities to share on Facebook. In the end, the donations go to the scammer's personal account, often through apps like Venmo or Cash App.

It’s a charity scam if:

• The organizer has a new account with few friends.

• The fundraiser link doesn’t match a verified charity's domain.

• The story lacks specific details like hospital names or locations.

9. Job and employment scams

Job and employment scams prey on job seekers by offering positions they never applied for. Scammers pose as recruiters for legitimate companies, often promising high salaries for minimal work.

Their goal is to trick you into providing sensitive information, such as your Social Security number, under the guise of an application. These fake job offers frequently result in identity theft or financial loss.

It’s an employment scam if:

• The company hires you instantly without a formal interview.

• You must pay upfront for equipment, software, or training materials.

• The company asks for your banking details or Social Security number before you sign an offer letter.

10. Quiz and survey scams

While seemingly harmless, Facebook quizzes that determine, for example, “which Marvel character you are” often serve a malicious purpose. Scammers use these quizzes to extract personal information commonly used for security questions, such as your mother’s maiden name or your first pet. Disclosing these details can lead to account takeovers and identity theft.

11. Modeling and talent scout scams

Modeling and talent scout scams target users with flattery and promises of fame. Scammers claiming to be agents message you with offers for lucrative modeling contracts.

However, to secure the deal, they require you to pay upfront for registration fees, portfolios, or photo shoots. Legitimate agencies take a commission from your earnings — they don’t charge you for representation.

12. Ticket and event scams

Did you miss the chance to grab a ticket to your favorite artist’s concert? Be cautious if you find one for sale on Facebook.

Ticket and event scams exploit fans desperate for sold-out shows. Scammers post listings on Marketplace or in groups, often pricing them below market value to lure you in.

How to recognize a fake ticket seller:

• They urge you to buy immediately due to “high demand.”

• They insist on using irreversible payment apps like Cash App, Venmo, or Zelle.

• The seller's profile is new, locked, or lacks local information.

13. Coupon code scams

Coupon fraud is a common method for targeting bargain hunters. Scammers message you or post in groups with links to “free coupon codes” for popular services like Netflix.

However, clicking the link redirects you to a phishing site rather than a legitimate offer. Visiting this malicious site can expose your device to malware or lead to financial theft if you enter your credit card details to redeem the invalid code.

14. Inheritance scams

Inheritance scams are a variation of the classic advance-fee fraud. In this scheme, you receive a message from a supposed lawyer or distant relative claiming you have inherited a large sum of money.

To release the funds, the scammer insists you must pay upfront legal fees or taxes. Once you pay, the “relative” and the money are gone.

What are the latest scams on Facebook?

Scammers constantly adapt their tactics. As we move into 2026, several trends are gaining traction. Most are sophisticated variations of the scams covered above, but they feature new technology or distinct twists designed to bypass your defenses.

• AI scams. Many criminals now use AI to clone voices or faces in video calls, which makes romance scams, investment scams, and family emergency fraud — where a “relative” claims to be in trouble — significantly harder to detect.
• Courier service scams. In this scam, a fake buyer claims they can’t pick up an item personally and will send a courier (like FedEx) with cash. They then demand you pay an upfront “insurance fee” through a phishing link. In reality, the link steals your payment details, and the courier never arrives.
• Verification badge phishing. Many scammers now exploit the paid Meta Verified subscription model to launch targeted attacks. They send official-looking alerts claiming a “subscription payment failure” or that immediate identity re-verification is required to keep your badge. By threatening the loss of the badge, they trick users into handing over login credentials.
• Fake support and security alerts. Tech support scams are becoming more widespread due to automation. Fraudsters now pose as Meta agents in comment sections, offering to recover hacked accounts for a fee. Scammers also send DMs claiming your account violated copyright rules and requires immediate verification through a phishing link to avoid suspension.

How do Facebook scammers operate?

Facebook scammers primarily rely on social engineering — manipulating users into making security mistakes — though they also employ automated technical attacks to breach accounts. Their most common methods include:

• Account takeover. Hackers hijack accounts using phishing or credential stuffing. Credential stuffing is an automated technique where criminals test passwords stolen in data breaches against Facebook accounts to force entry.
• Facebook cloning. Scammers copy a user’s name, photos, and personal details to create a duplicate profile. They then send friend requests to the original user's contacts to launch further scams.
• Spoofing. Scammers mimic trusted entities, such as your friends or known brands, to lower your defenses.
• Malvertising. Criminals pay for advertisements that lead users to phishing sites or malware downloads.
• Urgency. Scammers create a false sense of crisis (like a banned account) to force you to act without verifying the facts.

What to do if you get scammed on Facebook

If you fall for a scam, acting quickly limits the damage. Your response depends on whether you lost money, data, or access to your account.

• Secure your account. If you still have access, change your password immediately and turn on two-factor authentication (2FA). If you are locked out, use Facebook’s official compromised account recovery tool at facebook.com/hacked.
• Report the scammer. Use Facebook's reporting tools to flag the profile, post, or ad. Doing so helps the platform ban the fraudster and protect others.
• Freeze your credit cards. If you shared payment details or bought a non-existent item, contact your bank immediately. Freeze your cards and request a chargeback for the fraudulent transaction.
• File an identity theft report. If you have revealed sensitive personal data (like a National Insurance number or passport details), report it to your local law enforcement agencies. In the US, file an identity theft report with the Federal Trade Commission (FTC) at identitytheft.gov.
• Scan and clean your device. If you clicked a suspicious link or downloaded a file, run a full antivirus scan to check for malware on your device.

Tips to protect yourself from scams on Facebook

To stay safe on Facebook, follow the golden rule: If an offer seems too good to be true, it probably is. Legitimate companies will never offer free money or ask for sensitive information through Messenger or email. Along with staying vigilant, take these specific precautions to limit your risk:

• Turn on 2FA. If you haven’t already, set up 2FA on your Facebook account. It’s one of the most effective safeguards against unauthorized access.
• Use strong passwords. Create unique, complex passwords for every account to prevent credential stuffing attacks.
• Adjust your privacy settings. Limiting who can see your friends list and posts reduces the information scammers can use to target you.
• Check your activity logs. Review your login history periodically. If you see unrecognized devices, log them out and change your password immediately.
• Use Facebook’s Security Checkup. To find it, click your profile picture and navigate to “Settings and privacy” > “Settings” > “Accounts center” > “Password and security” > “Security checkup.” This tool helps you review your logged-in devices and strengthen your security settings.
• Verify links before clicking. Avoid clicking on sensational headlines or suspicious URLs. If you are unsure about a link, use a reputable online link checker before opening it.
• Decline unknown friend requests. If a profile has no mutual friends, few photos, or was created recently, don’t accept the request.
• Monitor the dark web. Stolen credentials or leaked personal data from scams can end up on the dark web. Use NordVPN’s Dark Web Monitor to keep an eye out for your information. It will alert you if any of your data appears on the dark web, giving you a chance to act quickly and protect yourself.
• Use antivirus tools. Using NordVPN’s Threat Protection Pro™ tool can significantly improve your online safety.

How NordVPN helps protect you from Facebook scams

While a VPN secures your connection, advanced security features offer more direct protection against scams. NordVPN's Threat Protection Pro™ blocks access to known malicious websites if you accidentally click a phishing link. It also scans files during download to stop malware before it infects your device.

Note that while Threat Protection Pro™ filters malicious content, it can’t stop you from voluntarily typing your data into a scam form. Always stay vigilant, even when using security tools.