Helen had been on Facebook for six years. She used it to watch the grandkids grow up, share recipes, and stay close with her church community after she moved to Florida.
Then a friend request arrived from someone she recognized — a woman from her old neighborhood in Indiana. They hadn’t spoken in years, but the profile picture looked right. Helen accepted. They chatted warmly for weeks.
Then came the investment opportunity. “I made $14,000 last month. You should try it.” Helen wired $8,500. The “friend” vanished. The real woman from Indiana had no idea her identity had been cloned.
The FBI estimates that social media fraud cost Americans $1.2 billion in 2023. Facebook remains the most-used platform among adults over 60 — and scammers know it.
What Is Facebook Senior Fraud and Why Should Seniors Care?
Facebook fraud targeting seniors isn’t random. It’s systematic.
Criminal organizations — many operating overseas — specifically recruit and train scammers to target older Americans on social media. They have scripts. They have fake profiles with years of curated history. They have patience. Some scammers spend weeks or months building trust before asking for anything.
What makes Facebook uniquely dangerous for seniors:
Seniors are Facebook’s most loyal demographic. Adults over 65 spend more time on Facebook than any other age group — an average of over 40 minutes per day. Scammers go where the targets are.
Facebook’s design rewards connection. Every feature — friend requests, group membership, Marketplace — is built to encourage engagement. Scammers exploit these same features with precision.
Personal information is freely available. Your parent’s Facebook profile may list their hometown, employer, family members, political views, and religious affiliation. Scammers use all of it to craft personalized, convincing approaches.
The emotional stakes are high. Facebook connects seniors to family, community, and friendships from across their lives. Scammers exploit those connections directly — impersonating grandchildren, old friends, and trusted community figures.
Understanding how scammers target seniors on Facebook is the first step to stopping them.
The 7 Biggest Facebook Scams Targeting Seniors Right Now
1. Cloned Friend Profiles
A scammer copies the name, profile photo, and public information from one of your parent’s real Facebook friends. They send a new friend request — “Hey, I had to make a new account, my old one was hacked.”
Your parent accepts without suspicion. Over the following days, the scammer builds rapport. Then comes the ask: a small loan, an investment tip, a link to claim a prize.
This scam is devastatingly effective because it exploits an existing trusted relationship. The tell: a second friend request from someone already on your parent’s friends list.
2. Facebook Marketplace Scams
Your parent lists a used appliance for sale, or spots a deal on furniture. The “buyer” sends a check for more than the asking price — please cash it and send back the difference. The check bounces a week later. The difference is gone.
Or the “seller” collects payment for an item that never arrives. The Facebook account disappears. No recourse.
The FBI received over 37,000 non-delivery and overpayment complaints related to online marketplaces in 2023.
3. Romance Scams
A widowed or lonely senior connects with an attractive stranger — often claiming to be a military officer, doctor, or oil rig engineer working abroad. The relationship develops warmly over weeks or months.
Then comes an emergency. Medical bills. A business deal gone wrong. Plane tickets home. “I’ll pay you back the moment I return.”
They never return. Because they were never real.
Romance scams are among the most financially and emotionally devastating frauds targeting seniors. The average victim loses over $10,000. Many victims feel too ashamed to tell their families.
4. Fake Lottery and Prize Notifications
“Congratulations! You’ve been selected as a Facebook sweepstakes winner. Claim your $50,000 prize.” The catch: pay a processing fee first. Or provide your bank account details for the transfer.
No prize exists. Facebook does not run sweepstakes that notify winners through unsolicited messages.
5. Investment and Cryptocurrency Fraud
A Facebook friend — real or cloned — shares how they’ve been making extraordinary returns through a particular investment platform. The platform has a professional-looking website, live account dashboards, and even fake customer service agents.
Your parent deposits money and watches their “balance” grow. When they try to withdraw, they’re told to pay taxes or fees first. Once they stop paying, access is cut off and the money is gone.
The FTC reports that investment scams were the #1 most costly fraud category in 2023, with seniors losing a disproportionate share.
6. Fake Charity and Disaster Relief Scams
After a hurricane, wildfire, or other major disaster, fake charity pages flood Facebook. They use real disaster imagery, emotional copy, and names similar to legitimate organizations.
Seniors — who donate to charity at higher rates than most age groups — are a primary target. The money goes directly to scammers.
7. Grandchild Impersonation via Facebook Messenger
A message arrives through Messenger from what appears to be a grandchild’s account: “Grandma, I’m in trouble. I can’t call — please don’t tell Mom and Dad. I need money for bail/medical bills/a flight home.”
The grandchild’s account may have been hacked. Or the scammer found enough information through public Facebook posts to make the impersonation convincing. The urgency and secrecy are deliberate — designed to prevent your parent from verifying.
How to Protect Your Parents: Step-by-Step
Step 1: Tighten Facebook Privacy Settings Together
Sit down with your parent — in person or over video call — and walk through these changes:
Go to Settings & Privacy → Privacy Settings:
- “Who can see your friends list?” → Change to Friends or Only me
- “Who can send you friend requests?” → Change to Friends of Friends
- “Who can look you up using your email/phone?” → Change to Only me
Go to Profile:
- Remove or restrict the birthdate, hometown, workplace, and family relationships visible to the public. Scammers harvest this data to personalize their approach.
Go to Settings → Profile and Tagging:
- Turn on “Review posts you’re tagged in before they appear on your timeline”
These changes take under ten minutes and significantly reduce what scammers can learn from your parent’s profile.
Step 2: Establish the “Second Friend Request” Rule
If your parent receives a friend request from someone already on their friends list, it is almost certainly a cloned account. The rule is simple: do not accept. Call the real person directly to let them know their identity may have been stolen.
Make this a family rule, not just a suggestion.
Step 3: Create a Family Emergency Code Word
If your parent ever receives an urgent message — through Facebook, text, phone, or email — claiming a family member is in trouble and needs money, they must ask for the code word before doing anything else.
Choose a word or phrase now, share it with immediate family, and make sure your parent knows: no code word means no money, no matter how convincing the story sounds.
Step 4: Install Identity Protection
Even with perfect Facebook habits, personal information can leak through data breaches, other platforms, and data broker sales. Aura monitors your parent’s Social Security number, financial accounts, dark web databases, and personal information in real time — and alerts your family the moment something looks wrong. It’s our #1 recommendation for comprehensive senior protection.
Step 5: Use a Password Manager for the Facebook Account
If a scammer gains access to your parent’s Facebook account, they can message all of their friends — making your parent an unwitting vector for spreading fraud. 1Password generates and stores a strong, unique password for Facebook and alerts your parent if that password appears in a known data breach.
Step 6: Enable Two-Factor Authentication on Facebook
Go to Settings → Security and Login → Two-Factor Authentication and turn it on. Every new login will require a code sent to your parent’s phone. Even if a scammer gets the password, they can’t log in without that code.
Step 7: Protect Their Connection
Scammers sometimes intercept data on public networks where seniors are using Facebook. NordVPN encrypts your parent’s connection automatically — even on public WiFi at the library or a coffee shop — so their Facebook session can’t be monitored by anyone nearby.
Step 8: Remove Their Data from Broker Sites
Data brokers sell your parent’s name, phone number, email address, and interests to anyone who pays — including scammers who use that information to personalize Facebook fraud attempts. Incogni automatically contacts these brokers and demands deletion, reducing the quality of targeting that scammers can achieve.
The Best Tools to Stay Safe on Facebook
🥇 Aura — Best Overall Protection
Aura’s real-time monitoring catches the downstream damage of Facebook fraud — stolen identities, compromised financial accounts, Social Security misuse — before it compounds. If a Facebook scam leads to identity theft, Aura’s U.S.-based fraud resolution team handles recovery on your parent’s behalf. Backed by $1M in identity theft insurance.
→ Try Aura free for 14 days — Our #1 Pick
🔐 1Password — Best for Securing the Facebook Account
A strong, unique Facebook password stored in 1Password means a compromised password from another site can’t be used to take over your parent’s account. The Watchtower feature alerts immediately when any saved password appears in a known breach.
🛡️ NordVPN — Best for Safe Facebook Access Anywhere
NordVPN’s Threat Protection also blocks malicious links — including fake Facebook prize pages and phishing sites that mimic Facebook’s login screen — before they load. One click protects any network.
🦠 Bitdefender — Best for Catching Malicious Facebook Links
Facebook posts and Messenger messages frequently contain links to malware or phishing sites. Bitdefender’s web protection intercepts these automatically — even if your parent clicks before thinking.
→ Get Bitdefender Total Security
🧹 Incogni — Best for Reducing Personalized Targeting
The less personal data available about your parent online, the less convincing a personalized Facebook scam can be. Incogni removes your parent’s information from the data broker ecosystem that feeds targeted fraud.
What to Do If Your Parent Has Already Been Scammed on Facebook
Do not let them feel ashamed. These are professional criminals with years of practice. Smart, careful people fall for these scams every day.
Act immediately:
1. If money was sent — contact the bank or wire service within 24 hours. Some transfers can be reversed if reported fast enough. For gift card payments, call the card issuer immediately.
2. Report the scammer’s account to Facebook — go to their profile, click the three dots, and select “Find support or report.” Select the appropriate category. This won’t recover money, but it removes the account faster and protects others.
3. Change the Facebook password immediately — and any other account using the same password. Use 1Password to generate strong replacements.
4. Check whether your parent’s account was compromised — Go to Settings → Security and Login → Where You’re Logged In. Look for any unfamiliar devices or locations and log them out.
5. Alert family members — If your parent’s account was accessed, the scammer may have already messaged their friends list impersonating them. Warn family and close friends not to send money or click any links they may have received.
6. File reports — Report to the FTC at reportfraud.ftc.gov and the FBI’s Internet Crime Complaint Center at ic3.gov. For romance scams specifically, the FTC has a dedicated reporting path at consumer.ftc.gov/features/romance-scams.
7. Watch for recovery scams — Victims of Facebook fraud are frequently targeted again by scammers claiming they can recover the lost money — for an upfront fee. Treat any such contact as another scam.
Conclusion: Facebook Is Worth Protecting — Not Avoiding
The answer to Facebook fraud is not to tell your parent to quit Facebook. For millions of seniors, it’s a genuine lifeline — to family, community, and daily joy.
The answer is preparation.
Scammers targeting seniors on Facebook rely on three things: trust, urgency, and ignorance of the tactics. This guide eliminates the third. The family code word addresses the second. Tightened privacy settings reduce the first.
Spend one afternoon this month going through Facebook settings with your parent, setting up Aura, and establishing the code word. That conversation — not the fear — is what keeps them safe.
Your parent deserves to enjoy Facebook without looking over their shoulder. You’ve just given them the tools to do exactly that.
Frequently Asked Questions
Q: How do I know if my parent’s Facebook account has been hacked?
Signs include: posts or messages they didn’t send, friends receiving unusual messages, being logged out unexpectedly, or login notifications from unfamiliar devices. Go to Settings → Security and Login → Where You’re Logged In to check for unauthorized sessions.
Q: Should my parent accept friend requests from strangers on Facebook?
Generally no. Encourage your parent to only accept requests from people they know personally. If in doubt, they can message the mutual friends they share to verify the person is real before accepting.
Q: Is Facebook Marketplace safe for seniors to use?
It can be, with the right precautions. For selling: only accept cash in person or verified PayPal transfers — never checks. For buying: never pay in advance for an item you haven’t seen in person. Meet in a public place. Bring a family member if possible.
Q: What should my parent do if they receive a suspicious message from a “grandchild” on Messenger?
Do not respond or send money. Call the grandchild directly on their known phone number to verify. Then report the message to Facebook. If the account was compromised, notify the grandchild so they can secure it.
Q: Can two-factor authentication be set up on Facebook for someone who isn’t tech-savvy?
Yes — and it’s one of the most impactful security steps available. Go to Settings → Security and Login → Two-Factor Authentication, select text message authentication, and follow the prompts. It takes under five minutes and can be done remotely with a video call.