Consumer buying goods on Facebook Marketplaces while falling for a fraudster's scams

When you think of Facebook, you probably think of FOMO-inspiring vacation pictures or political rants from that side of your family. But if you’re not also thinking about commerce, payments, and fraud, you don’t know Facebook. Or more accurately, Facebook Marketplace. And if that’s the case you probably don’t know about Facebook Marketplace scams.

To be sure, Facebook Marketplace creates happy customers, an avenue to upcycle gently used items, and a side hustle for millions. But it’s also rampant with scammers. With over 1 billion active users as of last year, and the ability to sell even big-ticket items like cars, fraudsters can cast a wide net to lure scam victims. Unlike other large digital marketplaces like Amazon or eBay, the platform lacks strong know your customer and customer due diligence (KYC/CDD) controls. Anyone with a Facebook account, can sell and buy on Facebook Marketplace, making it vulnerable to abuse.

What’s more, fraudsters’ tactics have evolved to become highly sophisticated. Given these developments, banks have a critical role to play in helping customers stay safe from Facebook Marketplace scams.

4 Sophisticated Facebook Marketplace Scams to Watch

The most common Facebook Marketplace scams involve fraudsters selling counterfeit, defective, broken, or non-existent items. In other cases, fraudsters list rare or hard to find items at prices that seem too good to be true…because they are. They use high-pressure tactics to convince victims to transfer money and then disappear.

However, recent developments suggest fraudsters are using much more advanced tactics for scams. Here’s how more evolved Facebook Marketplace scams work.

Sophisticated Scams Targeting Sellers:

  • Overpayment Scams: In an overpayment scam, a buyer sends a seller more money than the agreed upon price. They offer reasons like they want to compensate the seller for shipping costs or claim it was an accident. Common payment methods include P2P services like Zelle, Venmo, and PayPal. Other options include cash or paper checks. Next, they request the seller send them the overage. After sending the overage payment, sellers learn the original payment was declined. Sellers ship merchandise, but never get paid for it. They’re out the cost of goods and they actually pay the scammer by reimbursing them for the fake overage. 
  • Zelle Upgrade Scams: Some scammers tell their victims they have to upgrade their Zelle account in order to send them money. The victim gets a phishing email claiming to be from Zelle along with a message from the buyer. They claim they attempted to send the seller a payment through Zelle but it wouldn’t process because the seller needs to upgrade to a business account. At this point, they pressure their victim to send them extra money for the upgrade fee. Once the money is sent, the victim realizes they were never sent a payment and have lost the “upgrade” charge.

Sophisticated Scams Targeting Sellers and Buyers: 

  • Identity Theft: Fraudsters often urge their targets to shift communication from Facebook Marketplace to a new channel that isn’t as closely monitored. These can include text messages or WhatsApp. They ask the victim to share their personal information, like phone number, email address, or a photo ID to confirm their identity. Once they have this information, they use social engineering to build a fake profile with their target’s information. From there, they use the socially engineered profile to buy or sell goods in their victim’s name. Some will apply for loans or open accounts on risky sites using the victim’s name. The victim doesn’t realize their identity was stolen and faces the fallout from the fraudster’s tricks.
  • Google Voice Scams: In this case, fraudsters ask their targets for their phone number in order to “verify their identity” for their own peace of mind. Once the victims provides their number, they use it to register for a Google Voice number. This triggers a verification code to be sent to the victim’s phone. The fraudster asks them to share code to complete the verification  process.  After sharing the code, the fraudster can register a Google Voice account using the victim’s number. This allows scammers to use the victim’s real phone number to hide their identity while they commit other scams. They can also open accounts using the victim’s name and phone number to bypass two-factor authentication (2FA).

How Banks Can Protect Customers from Online Marketplace Scams

One of the challenges of Facebook Marketplace scams is scammers take advantage of the weakest link in the payments chain: the customer. Most payments are performed using P2P services like Zelle, meaning victims intentionally authorize the transfers. 

Does this mean banks are off the hook for the losses? Not so fast. Recent developments suggest liability for fraud is shifting to banks. If this trend continues, banks would be wise to help keep their customers safe from Facebook Marketplace and other online scams.

Here’s what banks can do to protect their customers.

Know Your Customer’s Normal Behavior

Keeping customers safe from risky decisions begins with understanding what’s normal behavior for each customer. If the customer is initiating a large transfer to a new payee, banks can flag the transaction or ask the customer if they intend to make the purchase. This is also a good opportunity to warn them of potential scams.

Monitor Customer Devices, Including Using Behavioral Biometrics

Understanding the customer’s normal device patterns is another important step to stopping Facebook Marketplace scams. Banks should note the location, time of transaction, and the network used when a transaction was made to determine if something is wrong. As fraudsters turn to tactics like Google Voice scams, banks will need to know if their customer’s normal phone number is suddenly behaving strangely. Banks should also utilize behavioral biometrics so they can detect if it is indeed a customer using the device or someone else. 

Analyze the Payment Recipient

It’s equally important to develop a profile of the recipient of funds. For example, if a transfer is made using Zelle look at the age of the account. An account that only opened recently and shows very little activity is cause for alarm. P2P accounts that only appear to receive funds – not make outgoing payments – should also raise red flags. Banks should also study the digital footprint of the recipient’s device and whether it’s been used before or if it’s connected to any troublesome patterns. Consider offering a Confirmation of Payee service that confirms who is receiving a payment. This service can be modeled on what many UK banks currently offer.

Educate Customers

Banks should also step up their education efforts to make sure customers can spot common Facebook Marketplace scams and teach them about emerging ones. Work with consumer advocacy groups to educate customers on best practices when shopping online. Tips should include never leaving the online platform to finish the deal, don’t reveal personal information, and don’t give in to high-pressure tactics. Consumers should also review other users’ Facebook accounts to see when they joined. An account that was only created in the past week might be a scammer and should be avoided. 

Facebook Marketplace is 1 billion customers strong. Unfortunately, it’s also a strong hunting ground for scammers. As consumers continue to use the platform, banks must do their part to keep them safe from scammers. After all, no bank wants to get unfriended by a customer who has been targeted by a fraudster.

Want to learn how to protect your customers from online scams? Schedule a demo with our team to learn how to keep your customers safe from existing and emerging threats.