One victim reported lost £3,800 after being targeted by the deception.
According to Action Fraud, criminals are using unknown methods to hack into people’s Facebook accounts and sending messages from their to the victim’s contacts.
The messages use a variety of excuses, including eBay transactions, and ask for a target to receive payments through their PayPal account and then transfer it to another account of the scammers’ choosing.
Once the funds are transferred to the their account the fraudsters use a “chargeback” claim on PayPal to reclaim the initial payment, leaving the PayPal account holder out of pocket.
PayPal says on its website: “A chargeback happens when a buyer asks their credit card issuer to reverse a transaction that has already cleared. This can mean that a payment you’ve received in your PayPal account could be reversed, even if you’ve already posted the goods – which can of course be frustrating.
“PayPal will help you as much as possible if you wish to dispute a chargeback, but the final decision lies with the credit card company. However, you can also get protection with PayPal's Seller Protection policy.”
The criminals also use the hacked Facebook accounts to request targets’ WhatsApp details, including their phone number.
In one case reported to the national fraud and cyber crime reporting centre, an initial message sent through Facebook read: "Hey I know it sounds random but do you have a PayPal account? I sold something on Ebay".
After the victim replied, the fraudster said: "Can I send you my bank details on Whatsapp I have changed my phone so send me your Whatsapp number and I will message you there".
Action Fraud has issued guidelines on how to protect yourself from the deception:
If you receive a suspicious message from a friend on Facebook, contact them via other means to check the message is genuine.
Create a strong password. Use three words which mean something to you but are random to others - this creates a password that is strong and more memorable. You should change passwords often and never use the same one twice.
Consider enabling "Login Approvals" to defend your Facebook account from hackers by following this step by step guide.
If your Facebook account has been hacked and you no longer have control, follow these guidelines on how to recover it.