This scam offers you a fake grant through Facebook Messenger
If a Facebook friend sends you a message inviting you to apply for a grant, there's a good chance they've been hacked by fraudsters trying to steal personal details.
Several readers have taken to social media to warn others of messages from Facebook friends talking about an NCG (National Community Grant) and how to claim it.
We’ve previously reported on impersonation scams that prey on the trust you have for the person being impersonated and hacking scams which try to use your personal information against you.
Here’s what to look out for and what to do if you encounter this scam.
Sign up for free Which? scam alert emails to find out about the latest scams news and advice.
NCG list scam
The scam starts with a message from a Facebook friend who has been hacked. The fraudster messages with a conversation starter such as 'Hello, how are you doing mate?'. They then tell you about their day by saying things like 'I'm good, just having a coffee' to convince you that you're talking to your friend.
Next, they tell you they saw your name on the 'NCG list', which they describe as 'a national community grant that assists government employees, old, retired workers, non-workers, youths and the disabled with cash.' No such list or grant exists.
The fraudster will then ask you if you’ve received any money. They will say that they received a grant of tens of thousands of pounds, before sending you a link to make an application.
If you click on a link provided by a scammer, this could result in malware being downloaded onto your device. You may also be taken to a dodgy website where you're asked to enter your personal details, which can be used to scam you now or at a later date.
Account hacking
If you receive a Facebook message like the above, ignore it and try to contact your friend using another method to let them know their account has been hacked.
If it’s your account that’s been hacked, visit www.facebook.com/hacked to secure the account. Consider turning on two-factor authentication for added protection against any further attempts.
After being hacked, you may find your password, email or personal information such as your birthday, has been changed. You might also notice friend requests and messages that you didn’t make or send.
Staying safe
Your Facebook login details may be linked to accounts you have with other companies, so you should scan your device for malware using antivirus software.
Do this before you change your password, as if malware has been installed on your computer, it might capture your new password too.
You can also use the website ‘Have I Been Pwned’ to see if your passwords or emails have been compromised.
There are some simple steps you can take to reduce the chances of being hacked in the future:
- Set strong and unique passwords for every website you create an account with.
- Password-protect your devices (smartphone, tablet, laptop) as an extra layer of security if your device is stolen.
- If you're using a shared computer, don't allow browsers or individual websites to remember your usernames or passwords.
- Consider turning off 'auto complete' functions in your browser. These save your usernames, addresses and sometimes credit card details for when you visit retail stores online.