- Use caution when you click links that you receive in messages from
your friends on your social website. Treat links in messages on these
sites as you would links in email messages.
- Don't trust the sender information in an e-mail message. Even if
the e-mail message appears to come from a sender that you know and trust,
use the same precautions that you would use with any other e-mail message.
Fraudsters can easily spoof the identity information in an e-mail message.
- Know what you've posted about yourself. A common way that hackers
break into financial or other accounts is by clicking the "Forgot your
password?" link on the account login page. To break into your account, they
search for the answers to your security questions, such as your birthday,
home town, high school class, or mother's middle name. If the site allows,
make up your own password questions, and don't draw them from material
anyone could find with a quick search.
- Think twice before sharing personal information that would make you
vulnerable. Social networking means opening up and sharing information
online with others, but there's some information you should never share
online. Protecting yourself from sharing Too Much Information (TMI) can save
you from identity theft and even protect your physical safety. So let's
start with the obvious - never share your social security number (including
even just the last 4 digits), your birth date, home address or home phone
number (although sharing your business phone is OK). Of course, you should
protect all of your passwords, PIN numbers, bank account, credit card
information and never share the state where you were born as this
information can be used to obtain your social security number and other
identity information.
- Don't trust that a message is really from who it says it's from.
Hackers can break into accounts and send messages that look like they're
from your friends, but aren't. If you suspect that a message is fraudulent,
use an alternate method to contact your friend to find out. This includes
invitations to join new social networks.
- To avoid giving away email addresses of your friends, do not allow
social networking services to scan your email address book. When you
join a new social network, you might receive an offer to enter your email
address and password to find out if your contacts are on the network. The
site might use this information to send email messages to everyone in your
contact list or even everyone you've ever sent an email message to with that
email address. Social networking sites should explain that they're going to
do this, but some do not.
- Always type the address of your social networking site directly into your browser, or use your personal bookmarks or official mobile apps. If you click a link to your site
through email or another website, you might be entering your account name
and password into a fake site where your personal information could be
stolen. For more tips about how to avoid phishing scams, see Email and web
scams: How to help protect yourself.
- Be selective about who you accept as a friend on a social network.
Identity thieves might create fake profiles in order to get information from
you. According to a recent survey by Harris Interactive, nearly 13 million
Americans age 18+ who are on social networking sites will accept any social
media connection request from a member of the opposite sex, regardless of
whether or not they know that person. That lack of caution can be extremely
costly. Most networking sites contain personal information. When you friend
someone, you give them access to that information and that can be used by
fraudsters.
- Choose your social network carefully. Evaluate the site that you
plan to use and make sure you understand the privacy policy. Use privacy
settings: the default settings on most social networking sites allow anyone
to see your profile. Customize your settings to restrict access only to
certain users. Despite the use of privacy settings, there is still a risk
your information could be compromised so don't post anything you wouldn't
want the public to see. Review your privacy settings periodically. Find out
if the site monitors content that people post. You will be providing
personal information to this website, so use the same criteria that you
would to select a site where you enter your credit card.
- Assume that everything you put on a social networking site is
permanent. Even if you can delete your account, anyone on the Internet
can easily print photos or text or save images and videos to a computer.
- Be careful about installing extras on your site. Many social
networking sites allow you to download third-party applications that let you
do more with your personal page. Criminals sometimes use these applications
to steal your personal information. Use caution when deciding which apps to
enable, and take the same safety precautions that you take with any other
program or file you download from the web. Modify your settings to limit the
amount of information apps can access.
- Talk to your kids about social networking if you're a parent of
children who use social networking sites.
- Search yourself. Do regular searches for yourself on a site such
as Google. Know where you show up and what information is readily available
online about you. Also, check out your social networking profiles as they
appear to others and adjust your settings accordingly for privacy and
security. You can also set up a Google alert with your name which could
point to suspicious information and whether someone else is using your
identity online.
- Customize privacy options. Social networking sites increasingly
give users more control over their own privacy settings. Don't assume you
have to take whatever default settings the site gives you. Check out the settings, configuration and privacy sections to see what
options you have to limit who and what groups can see various aspects of
your personal information.
- Limit work history details on LinkedIn: If you feel you need the added
information to help in a job search, expand the details during the job
hunting process and then cut back later after you have a position, leaving
just enough information to entice recruiters to contact you with interesting
new positions. LinkedIn also offers some capabilities to restrict
information. You can close off access by others to your network of contacts,
something you don't have to share if you don't want.
- Don't trust, just verify. There are lots of reasons (most of them
bad) why someone might impersonate or falsify an identity online. The
question becomes, how can you verify that the page belongs to who you think
it does before sharing too much information or clicking on links? Start by
being on the lookout for anything unusual or out of the ordinary. If the
content on the site doesn't look like or sound like the person you know,
avoid it. E-mail or call your friend to verify the site is legit. Let them
know, too, if you think someone else is faking your friend's identity
online.
- Avoid accidentally sharing personal details. Social networking
sites make it easy to let details slip you wouldn't otherwise tell friends
or strangers. Be aware of what information you put out there which others
might use for nefarious purposes.
- Forget the popularity contest. Put a number on something and
suddenly you have a competition. The person with the most "friends" isn't
necessarily the winner in social networking, unless of course you are
running for president or you are in some type of recruiting, sales or media
business. That's just more people, including possibly strangers, who now
have access to more of your information. It is best to only friend people
who really are or have become your friends. Your personal information has
less opportunity for misuse. If you do get an unsolicited invite to connect,
check them out first and try to figure out why you know them or if you even
do at all.
- Create a smaller social network. Bigger isn't always better.
There's more to social networks than Instagram, Facebook and Twitter. Self-
forming communities often form around very narrow topics and these can
easily get lost on the bigger sites. You may be better served creating a
smaller, more focused network using tools aimed to help narrow or smaller
groups. By narrowing your purpose and using tools
appropriate for smaller groups, you can keep unwanted solicitations, invites
to connect, applications and spam to a minimum. You'll also find you build
closer relationships with community members.
- Think twice before you use social networking sites at work. If you do, here are some ways to use that access more safely:
  - Find out if your company has a policy about visiting certain Web sites using your corporate network.
  - When you sign up for a social networking site, use your personal e-mail address, not your company e-mail address.
  - Use caution when you click links that you receive in messages from your friends on your social networking site.
  - Treat links in messages on these sites as you would links in e-mail messages.
  - Be choosy about who you accept as a "friend" on a social network. Identity thieves may create fake profiles in order to glean information from you. This is known as social engineering.
  - Be careful about the information you reveal about your workplace or company on your social networking site. (This is a good rule to follow for blogs too.)
Here are some common money scams you should look out for when sending and receiving money in Messenger:
For scams that involve money on Facebook, cyber criminals will either create fake accounts or hack into existing Facebook accounts of people you may know. The fake or compromised accounts will then try to trick you into giving them money by sending you personalized messages in Messenger. If a scammer tries to message you, report them.
- Romance scams: Romance scammers typically send romantic messages to people they don't know, often pretending to be divorced, widowed or in a bad marriage. They'll engage in online relationships in hopes of receiving money, for example to pay for things like flights or visas. They may use photos they've found online of representatives from official institutions like the military or government agencies. Their goal is to gain your trust, so the conversations may continue for weeks before they ask for money.
- Lottery scams: Lottery scams are often carried out from accounts impersonating someone you know, or fake profiles pretending to represent an organization. The messages will claim that you're among the winners of a lottery and that you can receive your money for a small advance fee. The scammer may ask you to provide personal information, such as your physical address or bank details.
- Donation scams: These scams are done by accounts impersonating famous religious figures, or by accounts pretending to be representatives from various charities or orphanages. In the messages, the scammers will ask for donations.
- Inheritance scams: The scammer will claim to be a lawyer or from another legal authority, pretending to represent the estate of a deceased person. The messages will state that you're entitled to the inheritance. The scammer may ask you to provide personal information such as your physical address or bank details.
- Loan scams: Loan scammers send messages and leave posts and comments on Pages and in Groups offering, or claiming to know someone offering, instant loans at a low interest rate for a small advance fee.
- Government grant scams: If an individual contacts you about an opportunity to obtain free money in the form of a grant from the federal government, be extremely wary.
- Give me money, I'll return even more!: After duplicating your friend's account, scammers use the account to get you to pay them with the promise of returning much more. Your "friend" will tell you that they paid an amount and received a huge return, and recommend you do it too.
- Free coupons: You have probably seen this many times. You are promised free coupons at large retailers worth more than usual, or coupons for a free vacation. All you need to do is use your Facebook login on a site, and you'll get a free vacation—or your social media identity will belong to someone else without the vacation.
- Is this you? Lol: This is a scam that has been around for some time. Usually, a link to a video is included with a description from a "friend." The link is normally a virus or browser hijacker.
- The "Who Viewed Your Profile?" and "Someone unfriended you!" Scams: If you are active on Facebook, you have probably seen these. Facebook does not advertise these types of activities.
- Contest Scams: This is another common scam, and it is as simple as setting up a fake page on Facebook, marketing it with a great contest, and collecting information from everyone that joined. One such scam claimed that those who shared the link would get a $1,000 IKEA gift card, and more than 40,000 people fell for it.
Other common Facebook scams:
- Duplicating Your Account: Fraudsters can copy the email template from Facebook, which makes it look like you have an official message. Once you enter login information, the phishers can duplicate your account, hold it for ransom, or begin asking your friends for money or information.
- Viral Videos: Since viral videos can be irresistible to most of us, they are often used by scammers. Malicious videos can install a virus onto your system if you click on the video or requests to update your video player. This scam can be shared with your friends, who believe the message they receive is safe since it looks like you shared it.
- Identity Theft: Facebook accounts can be used to crack other passwords. If your account is duplicated, your information can be used to determine the answers to knowledge-based authentication questions that verify the identity of the account owner. Multi-factor authentication is a good idea to use on all of your accounts.
- Burglary: Criminals also use Facebook to determine if a potential victim is at home or not. Publicly sharing information about vacations and other times away is exactly what burglars are looking for.
- Geo-Stalking: Criminals can use the GPS technology of social media to stalk and find a target. You should turn off your social media location settings.
To protect yourself from scammers, watch out for the following:
- People asking you for money who you don't know in person
- People asking you for advance fees in order to receive a loan, prize or other winnings
- People asking you to move your conversation off of Facebook (example: a separate email address)
- People claiming to be a friend or relative in an emergency
- Poor spelling and grammatical mistakes
How to Stay Safe on Facebook
- Do not 'friend' strangers.
- Do not click on unsolicited links, and report suspicious requests.
- Do not pay for anything with gift cards.
- Do not engage with any government agency or bank through Facebook.
- Avoid people or accounts directing you to a page to claim a prize.
- When talking to a new Facebook friend, call the friend offline to make sure you're communicating with your actual friend.
- Report any impostor accounts to Facebook.
While social media can provide many benefits for investors, it also presents opportunities for fraudsters. Social media, and the Internet generally, offer a number of attributes criminals may find attractive. Social media lets fraudsters contact many different people at a relatively low cost. It is also easy to create a site, account, email, direct message, or web page that looks and feels legitimate – and that feeling of legitimacy gives criminals a better chance to convince you to send them your money. Finally, it can be difficult to track down the true account holders that use social media. That potential for anonymity can make it harder for fraudsters to be held accountable. As a result, investors need to use caution when using social media when considering an investment.
What You Can Do to Avoid Investment Fraud
- Ask questions. Fraudsters are counting on you not to investigate before you invest. Fend them off by doing your own digging. It's not enough to ask for more information or for references – fraudsters have no incentive to set you straight. Take the time to do your own independent research.
- Research before you invest. Unsolicited emails, message board postings, and company news releases should never be used as the sole basis for your investment decisions. Understand a company's business and its products or services before investing. Look for the company's financial statements on the SEC's website, or contact your state securities regulator.
- Know the salesperson. Spend some time checking out the person touting the investment before you invest – even if you already know the person socially. Always find out whether the securities salespeople who contact you are licensed to sell securities in your state and whether they or their firms have had run-ins with regulators or other investors. You can check out the disciplinary history of brokers and advisers for free using the SEC's and FINRA's online databases. Your state securities regulator may have additional information.
- Be wary of unsolicited offers. Be especially careful if you receive an unsolicited pitch to invest in a company, or see it praised online, but can't find current financial information about it from independent sources. It could be a 'pump and dump' scheme. Be wary if someone recommends foreign or 'off-shore' investments. If something goes wrong, it's harder to find out what happened and to locate money sent abroad.
Red flags for fraud and common persuasion tactics
How do successful, financially intelligent people fall prey to investment fraud? Researchers have found that investment fraudsters hit their targets with an array of persuasion techniques that are tailored to the victim's psychological profile.
- If it sounds too good to be true, it is. Watch for 'phantom riches.' Compare promised yields with current returns on well-known stock indexes. Any investment opportunity that claims you'll receive substantially more could be highly risky -- and that means you might lose money.
- 'Guaranteed returns' aren't. Every investment carries some degree of risk, which is reflected in the rate of return you can expect to receive. If your money is perfectly safe, you'll most likely get a low return. High returns entail high risks, possibly including a total loss on the investment. Most fraudsters spend a lot of time trying to convince investors that extremely high returns are 'guaranteed' or 'can't miss.' They try to plant an image in your head of what your life will be like when you are rich. Don't believe it.
- Beware the 'halo' effect. Investors can be blinded by a 'halo' effect when a con artist comes across as likeable or trustworthy. Credibility can be faked. Check out actual qualifications.
- 'Everyone is buying it.' Watch out for pitches that stress how 'everyone is investing in this, so you should, too.' Think about whether you are interested in the product. If a sales presentation focuses on how many others have bought the product, this could be a red flag.
- Pressure to send money RIGHT NOW. Scam artists often tell their victims that this is a once-in-a-lifetime offer and it will be gone tomorrow. But resist the pressure to invest quickly and take the time you need to investigate before sending money. If it is that good an opportunity, it will wait.
- Reciprocity. Fraudsters often try to lure investors through free investment seminars, figuring if they do a small favor for you, such as supplying a free lunch, you will do a big favor for them and invest in their product. There is never a reason to make a quick decision on an investment. If you attend a free lunch, take the material home and research both the investment and the individual selling it before you invest. Always make sure the product is right for you and that you understand what you are buying and all the associated fees.
Look out for 'Affinity Fraud'
Never make an investment based solely on the recommendation of a member of an organization or group to which you belong, especially if the pitch is made online. An investment pitch made through an online group of which you are a member, or on a chat room or bulletin board catered to an interest you have, may be an affinity fraud. Affinity fraud refers to investment scams that prey upon members of identifiable groups, such as religious or ethnic communities, the elderly, or professional groups. Even if you do know the person making the investment offer, be sure to check out everything – no matter how trustworthy the person seems who brings the investment opportunity to your attention. Be aware that the person telling you about the investment may have been fooled into believing that the investment is legitimate when it is not.
Be Thoughtful About Privacy and Security Settings
Investors who use social media websites as a tool for investing should be mindful of the various features on these websites in order to protect their privacy and help avoid fraud. Understand that unless you guard personal information, it may be available not only for your friends, but for anyone with access to the Internet – including fraudsters.
Ask Questions and Check Out Everything
Be skeptical and research every aspect of an offer before making a decision. Investigate the investment thoroughly and check the truth of every statement you are told about the investment. Never rely on a testimonial or take a promoter's word at face value. You can check out many investments using the SEC's EDGAR filing system or your state's securities regulator. You can check out registered brokers at FINRA's BrokerCheck website and registered investment advisers at the SEC's Investment Adviser Public Disclosure website.
A Few Common Investment Scams Using Social Media and the Internet
While fraudsters are constantly changing the way they approach victims on the Internet, there are a number of common scams of which you should be aware.
Here are a few examples of the types of schemes you should be on the lookout for when using social media:
- 'Pump-and-Dumps' and Market Manipulations
'Pump-and-dump' schemes involve the touting of a company's stock (typically small, so-called 'microcap' companies) through false and misleading statements to the marketplace. These false claims could be made on social media such as Facebook and Twitter, as well as on bulletin boards and chat rooms. Pump-and-dump schemes often occur on the Internet where it is common to see messages posted that urge readers to buy a stock quickly or to sell before the price goes down, or a telemarketer will call using the same sort of pitch. Often the promoters will claim to have 'inside' information about an impending development or to use an 'infallible' combination of economic and stock market data to pick stocks. In reality, they may be company insiders or paid promoters who stand to gain by selling their shares after the stock price is 'pumped' up by the buying frenzy they create. Once these fraudsters 'dump' their shares and stop hyping the stock, the price typically falls, and investors lose their money.
- Fraud Using 'Research Opinions,' Online Investment Newsletters, and Spam Blasts
While legitimate online newsletters may contain useful information about investing, others are merely tools for fraud. Some companies pay online newsletters to 'tout' or recommend their stocks. Touting isn't illegal as long as the newsletters disclose who paid them, how much they're getting paid, and the form of the payment, usually cash or stock. But fraudsters often lie about the payments they receive and their track records in recommending stocks. Fraudulent promoters may claim to offer independent, unbiased recommendations in newsletters when they stand to profit from convincing others to buy or sell certain stocks – often, but not always, penny stocks. The fact that these so-called 'newsletters' may be advertised on legitimate websites, including on the online financial pages of news organizations, does not mean that they are not fraudulent.
- High Yield Investment Programs
The Internet is awash in so-called 'high-yield investment programs' or 'HYIPs.' These are unregistered investments typically run by unlicensed individuals – and they are often frauds. The hallmark of an HYIP scam is the promise of incredible returns at little or no risk to the investor. An HYIP website might promise annual (or even monthly, weekly, or daily!) returns of 30 or 40 percent – or more. Some of these scams may use the term 'prime bank' program. If you are approached online to invest in one of these, you should exercise extreme caution - they are likely frauds.
- Internet-Based Offerings
Offering frauds come in many different forms. Generally speaking, an offering fraud involves a security of some sort that is offered to the public, where the terms of the offer are materially misrepresented. The offerings, which can be made online, may make misrepresentations about the likelihood of a return.
Where can I go for help?
Investors who learn of investing opportunities from social media should always be on the lookout for fraud. If you have a question or concern about an investment, or you think you have encountered fraud, please contact the SEC, FINRA, or your state securities regulator to report the fraud and to get assistance.
U.S. Securities and Exchange Commission
Office of Investor Education and Advocacy
100 F Street, NE
Washington, DC 20549-0213
Telephone: (800) 732-0330
Fax: (202) 772-9295
Financial Industry Regulatory Authority (FINRA)
FINRA Complaints and Tips
9509 Key West Avenue
Rockville, MD 20850
Telephone: (301) 590-6500
Fax: (866) 397-3290
North American Securities Administrators Association (NASAA)
750 First Street, NE
Suite 1140
Washington, DC 20002
Telephone: (202) 737-0900
Fax: (202) 783-3571
There are several things you can and should do in order to manage your social media identity, which may prevent social media identity theft.
What exactly is social media identity theft? It's a form of cybersquatting using social media sites.
- If you've ever attempted to join a social media site (more commonly known as a social networking site) or applied for an email account, and found that your first and last name were already taken, that may or may not have been social media identity theft, or cybersquatting.
- There may be someone out there who shares your exact name and happened to register first, or else there is someone out there who took your name so that you can't have it, or who wants to sell it back to you, or wants to pose as you and disrupt your life. These are all possibilities.
- The most damaging possibility occurs when someone wants to pose as you in order to disrupt your life. This disruption can take on many forms. They may pose as you in order to harass and stalk you, or to harass and stalk people you know. Or they may steal your social media identity for financial gain. The thieves use a combination of email and social media to extract funds from others, or to open new accounts.
- There are hundreds, or maybe even thousands, of social media sites, web-based email providers and domain extensions. Then there are all the blog portals, such as WordPress and Blogspot. Even your local online newspaper has a place for user comments, and most people would want to register their own names before someone else comments on their behalf.
- Social media websites offer the option to provide your real name as well as a user name. The user name may be a fun chat handle or an abbreviation of your real name. The key is to give your real name where requested and also to use your real name as your user name. Even if you don't plan on spending any time on the site, or to use the domain or email, you want to establish control over it.
- The goal is to obtain your real first and last name without periods, underscores, hyphens, abbreviations or extra numbers or letters. This strategy won't prevent someone else from registering with your name and adding a dot or a dash, but it trims down the options for a thief.
- Some names are very common, or are also owned by someone famous. If that applies to your name, you can still take actions to manage your online reputation. If there is any uniqueness to your name or the spelling of your name, it's still a good idea to claim your name in social media and work toward managing your online reputation.
- Understand that your name is your brand. Your name is front and center on every document you sign and every website that shows up when your name is searched. The phrase, 'All I have is my good name,' has never rung truer than today. If you are a writer, blogger, personality of any sort, or anyone who 'puts it out there,' you probably already know enough to do these things. But there is more to do.
Manage Your Social Identity
If someone, perhaps a potential employer or mate or client, searches your name on Google Web, Google Blogs or Google News, what will they find? Will it be someone else posing as you? Will it be a picture of you doing a keg stand? Or will it be you in your nicest outfit, accepting an award for an accomplishment? Either way, you need to manage your online identity and work toward preventing social media identity theft.
- Register your full name and those of your spouse and kids on the most trafficked social media sites, blogs, domains or web based email accounts. If your name is already gone, include your middle initial, a period or a hyphen. It's up to you to decide whether or not to plug in your picture and basic bio, but consider leaving out your age or birthday.
- Set up a free Google Alerts for your name and get an email every time your name pops up online.
- Start doing things online to boost your online reputation. Blogging is best. You want Google to bring your given name to the top of search in its best light, so when anyone is searching for you they see good things. This is a combination of online reputation management and search engine optimization for your brand: YOU.
- If you ever stumble upon someone using your likeness in the social media, be very persistent in contacting the site's administrators. They too have reputations to manage and if they see someone using your photo or likeness they would be smart to delete the stolen profile.
- Review your security settings: Check out Facebook's information on setting your privacy settings to be sure you aren't sharing personal information with strangers. Look here for information on what can be found publicly in search engines.
- Who Can Contact You: Click on the padlock icon on the top toolbar (on the right hand side), then click 'Who can contact me'.
Basic Filtering: By default this is set up as 'Basic Filtering' to allow friends and people you may know the opportunity to send you a message. If you want only friends to be able to contact you, you can increase the filtering on your inbox. Other messages will then be diverted to your 'other' folder which you can access from the Messages screen.
Strict Filtering: To do this, click 'Strict Filtering' under 'Whose messages do I want filtered into my Inbox?' From this area of the screen you can also limit who is able to send you a friend request, choosing between everyone or just friends of your friends.
Friend Requests: Never accept Facebook friend requests from unknown people.
Scammers find your information through Facebook or other social media accounts. Some set up fake accounts and send out friend requests. When you accept the request, they can view your friends and personal and contact information. Other scammers rely on social media users not locking down their privacy settings, so basic information, such as your name, email address and friends' names, is publicly available.
Links: Don't click on strange links, even if they appear to come from friends. Notify the person who supposedly sent you the email if you see something suspicious. For example, you might receive an email that appears to be from a friend or family member: the message addresses you by name, but the content is strange, and usually it's just a link to a website. If you click on it, you could end up downloading malware to your computer.
- Notifications: Consider enabling login notifications, so you will know when someone uses a new device to access your account.
- Public Wi-Fi: When accessing Facebook from public Wi-Fi in places like hotels and airports, text "otp" to 32665 to receive a one-time password for your account.
- Timeline Posts: Make sure only your friends can see your timeline posts. While certain elements of your profile are viewed by everyone, many other aspects of your timeline can be blocked.
Future Posts: Make sure all your future posts are locked down. Click on the padlock icon on the top toolbar (on the right-hand side), then click 'Who can see my stuff?'.
Under 'Who can see my future posts', choose from: Public, Friends, Only me, or Custom (which allows you to prevent some of your friends from seeing your posts). Pick what's best for you, but make sure 'Public' isn't selected. Whatever you choose then becomes the default every time you post an update (though you still have the option of changing this for each individual update you post in the future).
Previous Posts: Click the arrowhead on the top toolbar (on the right-hand side). Choose 'Settings' > 'Privacy Settings'.
Click 'Privacy' on the left-hand menu, and under 'Who can see my stuff', click 'Limit past posts'. From here you can change the visibility of all your past posts to 'Friends'.
- Login Approvals: You can add an extra layer of security when accessing your account from an unknown browser. Facebook will send a code to your phone, which you will then need to enter to log in.
Click the arrowhead at the top right of any page and choose 'Settings', then 'Security' from the left-hand menu, then 'Login Approvals'. Check the box that says 'Require a security code to access my account from unknown browsers'. Facebook will then take you through the process of setting up login approvals, so click 'Get Started' to begin.
Once you have set up login approvals you will only need to enter a code when you log in from a new device. This feature makes it much harder for a hacker to gain access to your account and is well worth enabling. Note: if your browser clears your history on exit, or has private browsing switched on, you may need to enter a code every time you log in.
- Privacy Settings: Scammers tap into the personal data available through social networks to pose as your friends in fraudulent emails. Watch out for these personalized scam messages and take steps to prevent them.
- 'About' Section: It's also worth checking the visibility of the information listed under the 'About' section of your profile.
On your timeline, click 'Update info' and then click 'Edit' next to the area you wish to change the visibility for. Choose from the options of 'Public', 'Friends', 'Only me' or a 'Custom' list of people.
How LinkedIn can be used by hackers, phishers and social engineers
- Phishing - As part of your network, a LinkedIn contact can see your email address (if you made it available). Since LinkedIn helps establish a business connection, you may be more inclined to open a phishing email. A criminal can tailor a phishing email better if they know your profile: knowing what you do for a living, what type of job you have, and so on makes it easier to create a legitimate-looking phishing email.
- Compromised Data - In 2012, LinkedIn lost the email addresses and passwords of more than 100 million users. This data is still readily available on the dark web and is a goldmine of credentials, because many people are lazy and either don't know or don't care about good password hygiene. In fact, reused credentials are one of the most common causes of data breaches.
- Viewing all employees - A feature like 'see all employees' can help a criminal identify targets. In terms of what they do with this information, an attacker might use their knowledge of a company's structure to pose as someone's boss or colleague and trick them into sharing confidential information or clicking a malicious link.
- Viewing all connections - By reviewing an organization's many LinkedIn connections, a hacker can start to build a detailed picture of its suppliers, technology providers and other third-party services. This can help them identify potential entry points within their target's technology stack, e.g. its CRM, HR or payroll systems. An understanding of which technologies are in use can also help a hacker work out what security systems may be in place and, more importantly, which systems are vulnerable.
Furthermore, imagine the scenario in which an attacker cannot infiltrate their target directly. If resourceful enough, they may try to use LinkedIn to work out which suppliers and partners they use, in a bid to infiltrate them instead. It's easy to imagine a bank's marketing agency having more lax security than the bank itself, and that's exactly why they may end up an unwitting entry point to their client's network.
- New job posts offer insight into technology - When hiring technical roles, particularly IT or system admin positions, LinkedIn job posts can reveal a lot of valuable data. This can include the technology underpinning critical business operations, for instance which databases, operating systems, storage and scripting languages are in use across the organization. For hackers, this is priceless information that can help them mount a successful attack.
Job ads can also reveal details of upcoming IT projects such as infrastructure upgrades e.g. moving to a cloud service provider. These kinds of projects may be a good entry point since security processes may be less mature and a new hacker infiltrating the network may be harder to spot while the organization still hasn't created a baseline of normal activity.
- Using curiosity to spread malware - Perhaps LinkedIn's greatest asset is its ability to tap into the curiosity of its users, but hackers can use this to their advantage too. They know that when a stranger views someone's profile, the first thing the profile owner is likely to do is click through to the visitor's profile to find out why. For instance, a hacker may create a fake profile and view the profiles of several targets. They could place a malicious link on that profile, hoping a curious target clicks it, at which point LinkedIn is effectively a delivery mechanism for malware.
Precautions to keep you safer
LinkedIn users need to understand the value of their data, be more guarded when posting and viewing content online, and always be aware of the cybersecurity threat. Hackers are out there; they are smart, organized and resourceful, and they won't think twice about using a service like LinkedIn to get to their target – which could easily be you.
Don't accept LinkedIn connections from:
- people you don't know or know of.
- people to whom you don't have at least a second- or third-hand connection.
- people who have no trusted connections.
- people with very few connections.
How to research LinkedIn
- Take a second to ensure that the LinkedIn profile really belongs to the person it claims to be. Check whether you have mutual connections on LinkedIn and, if you do, reach out to those individuals to verify.
- When in doubt, use Google's 'Search By Image' feature to see if the photo is of the person it says it is. Often fake profiles feature photos from ads or of models.
- Check periodically to make sure no one's opened an account in your name, or in a common variant on your name.
- If you see profiles, messages or content that looks suspicious, report it to LinkedIn.
How to report abuse
- Look for the three dots in the upper right corner, click report and select the best option that describes your concerns. You can also contact LinkedIn's customer service team directly through the Help Center.