Facebook has closed a number of profiles that were being used by fraudsters to trick users of the social networking site in to handing over money
The social networking site said that its security teams had noticed an increase in scams where people's login information is collected through phishing sites, and then their accounts are accessed without permission to ask friends for money.
"While the total number of people who have been impacted is small, we take any threat to security seriously and are redoubling our efforts to combat the scam," wrote Alok Menghrajani, a software engineer at Facebook, in a blog post.
The attacks, known as 419 scams, involve a fraudster accessing Facebook accounts and posing as the account owner. They often claim to be stranded in a foreign country without access to money, and they use Facebook's email and chat system, as well as profile status updates, to plead with 'friends' to send them money through transfer services such as Western Union.
Such scams have been commonplace for years, but fraudsters have traditionally used emails to get hold of cash. Increasingly, savvy cybercriminals are turning towards hugely popular social networking sites, such as Facebook, which has more than 300 million users, in order to cultivate a more direct, personal link with potential victims.
Facebook has set up a special security advice page, which gives hints and tips to users to help them avoid falling victim to cybercriminals on the site. It has also called on its users to "educate themselves" about online scams, and report any strange or suspicious profiles and activities.
"We have improved a number of our automated systems to better handle this unique class of scam and are taking efforts to ensure that we adapt our response to the scam as it changes," wrote Menghrajani. "At the same time, our security team is working with law enforcement and collaborating with email providers and other industry experts to identify and catch the criminals responsible."
Some of the fake accounts also contain web links, which, if clicked on by unsuspecting users, downloads malware on to their computer, leaving it vulnerable to remote hacking by cybercriminals.
"The fact that spammers have bypassed Facebook’s automated account creation protections means they’ve been investing heavily in getting users from the site," said Mick O'Neill from All Facebook, an unofficial blog dedicated to the social networking site.
"While the best ways to protect yourself are obvious to most people, there are still millions of people being duped by spammers on a regular basis."