In April this year I wrote an article on what I call “phantom buyers”, these pretend accounts on Facebook that exploit security vulnerabilities in Facebook’s Marketplace. I have been heavily engaged in Facebook’s Marketplace for the past few months because we are preparing to move back to Missouri. So I have been quite intrigued by the frequent encounters with “phantom buyers.”
In that article, I gave a few tips on how to investigate whether a buyer was legit or not. But in this article, I will delve deeper into the subject. It all started with this bent-back chair I was offering. It is a bit pricey for the world of Marketplace, being offered for $65. The offers were almost immediate. Four messages appeared the next day, but only one was legitimate. How could I tell?
My first example is Marea Mare. Interesting name. In Italian, it translates to “Tide Sea”. But what was most peculiar was that this was an engagement that vanished before I could even investigate the account. The message was removed as soon as it was posted. I have to remind myself that 98.5% of Facebook users have the app functioning on their phone. I am one of the 1.5% who restricts Facebook usage to my computer. That means I am more deliberate on how I use the application. I am not instantaneously responding to a message on Facebook. Marea Mare was banking on it that I would receive this message over my phone and immediately respond. In my excitement of getting a quick $65, I would act before I thought, something that many people, unfortunately, do with a smartphone.
The second example is a rather attractive young lady who apparently likes to take a picture of herself while sampling cosmetics. Five indicators got my attention. First, being in Juneau for twenty years, you pretty well have the architectural layout of every major store in town. I knew that the photo was taken elsewhere. Second, she was wearing warm weather clothing. While Juneau does have a couple days of hot weather, most women in Juneau wear warmer clothing.
But from there, some indicators intrinsic to Facebook bear noting. This person had zero friends. While Facebook does provide the option of hiding information about your friends, it is a hint that this account is new. Second, almost nothing in their profile except this rather peculiar “digital creator” job description. Finally, the age of the profile being no more than three days.
The final example is rather comical. Gee, such a nice family. As you can see from their Facebook profile, the usual suspects appear: zero friends, there is that “digital creator” again, and the age of the profile being only twelve hours. But I thought I would have some fun with this one. Have you been introduced to the “image search” feature in Bing? Google has this feature as well. I pasted the photo image into Bing and checked to see if there was a match. What would you know? There it was in Pinterest.
What Are They After?
This all leads to the question of what they are after. As I noted in a previous article, two elements are almost always automatically exposed in a Facebook Marketplace transaction: your location and your phone. But noting that almost everyone who uses Facebook uses it over the phone, it is important to understand how vulnerabilities on the phone can be exploited. Top of the list are links sent through messaging. During a conversation, you might be asked to exchange money or to connect to a link. What you may get is a scripted exploit that may expose your contacts and other private information.
But beyond the technology, there are other, more old-fashioned, exploits. The end result is they want money. Obtaining your Facebook account information, your location and your phone number, they can re-sell that information to other scammers or build on that foundation to pursue you further.
“Device usage of Facebook users worldwide as of January 2022“, Statistica, February 24, 2023