A Google search for a Facebook customer support phone number may direct users to a number set up by fraudsters, according to NPR.
The fraudulent number, 844-735-4595, appeared not only as top result in a Google search, but also as a featured snippet — meaning Google highlighted it in a box at the top of its search results, NPR reported.
NPR engaged phone fraud specialist Pindrop to investigate.
A Pindrop researcher called the number, posing as a Facebook customer who had been locked out of his account. He was instructed to purchase an iTunes card from Walmart or Target, and then to call the number again and hand over the card number and security code. He then would receive a password to unlock his account.
This is a variation on a well-known scam. In another common scenario, callers are told they have unpaid taxes, and they’re directed to buy a prepaid credit card and then provide its number to settle their bill.
The United States Federal Trade Commission issued an alert about the iTunes card scam this spring. Apple also issued an alert.
“These types of scams target a broad range of brands to try to trick people who are looking for help with the service they use,” said Facebook spokesperson Jay Nancarrow.
“We have been investigating the group … associated with this particular phone number for some time. They are prolific and are targeting many other platforms beyond Facebook,” he told CRM Buyer.
“People’s trust level for social media is pretty low to begin with,” said Michael Jude, a program manager at Stratecast/Frost & Sullivan.
“This just further degrades that trust,” he told CRM Buyer. “Facebook needs to get a handle on it.”
Facebook’s Plodding Pursuit
The term “Facebook customer service” is used in searches 27,000 times a month on average, NPR said, citing Google data.
Fraudulent numbers have been circulating on Facebook pages users have uncovered while searching for a customer service phone number for at least a year, NPR alleged.
That raises the question of why Facebook is taking so long to deal with the problem.
“We have taken down a large number of the sites offering fake support numbers, and we will continue to do so,” Nancarrow said. “We also enforce against domain name registrants, registrants and registries that are enabling these scams, and continue to take down large numbers of domain names connected to them.”
Con artists “move around and may change their service in order to avoid being apprehended,” noted Michael Patterson, CEO of Plixer.
“Facebook has numerous mechanisms to [warn members] and has used them in the past,” said James Pleger, director of security/threat research at RiskIQ.
Still, “a more visible and transparent system may help alleviate concerns from users as well,” he told CRM Buyer, adding that Facebook “take their users’ security seriously.”
Google has “taken the appropriate action to remove the offending pages,” a Google spokesperson said in a statement provided to CRM Buyer by company rep Susan Cadrecha. “We have investigated this particular issue and found that these pages have violated webmaster guidelines.”
A formal reporting process that would let search engines react to reliable information should be in place, Plixer’s Patterson told CRM Buyer.
However, “should Google be responsible for every scam like this in the entire world?” he asked.
How to Protect Oneself
As one rule of thumb, “if someone wants you to buy something to get customer support, then it’s a scam,” Frost’s Jude noted.
If calling a support number leads to instructions to purchase an iTunes card, said Patterson, “lift an eyebrow and start thinking twice. Then get online and search about your problem. Someone has probably run into it before and can help you.”