Connect with Joseph Steinberg


Beware These 7 Holiday Season Social Media Scams

Beware These 7 Holiday Season Social Media Scams

During the holiday season, criminals use various social-media borne scams to target holiday revelers. Here are some specific ones for which to watch out:

1. Fake surveys, giveaways, and contests

As I described in the article 8 Ways to Protect Yourself From Scams and Data Collection on Social Media, social media is full of scam giveaways, contests, and surveys. Crooks often customize scams for the holidays – for example, by making social media posts that offer people the most popular “trending” toys of the season as a prize for performing some action.  As described in Beware These 6 Holiday-Season Email Scams, during holiday season people are also especially likely to fall prey to scams involving fake shopping-related surveys that offer great rewards in exchange for participation. Some criminals contact intended victims by email, but, increasingly, crooks rely on social media as their primary platform for scam communication – the team at SecureMySocial has found many posts shared on social media that appear intended (at least by their original author) to do so. Be careful. Do not click links to surveys unless you are 100% certain that they are safe; a survey appearing on the official, verified page or account of a brand, for example, is much more likely to be legitimate than one shared by a friend in a post on the friend’s social media page. (Also, please do not be the person who blindly shares information about a survey, contest, or giveaway, without first checking if it is legitimate.) Think about whether the reward for participating makes sense relative to the value of your participation to the party conducting the survey – if it seems too good to be true, it likely is.

2. Bogus gift card offers

As I mentioned in the piece Beware These 14 Dangerous Holiday Shopping Scams, criminals often exploit holiday season as an opportunity to sell not only phony gift cards and stolen gift cards, but also legitimate gift cards purchased using stolen credit card numbers or obtained as part of the process of laundering illegally-gained money. As such, posts about discounted gift cards seem to appear on social media relatively often during this time of year – some posts may represent completely kosher offers, but a great number do not. Ideally, you should purchase gift cards directly from a card’s vendor or from a store that you know is legitimate. Some third-party gift card markets offer money back guarantees if a card is not honored – but, not only are such guarantees often of limited duration, but, in the case of holiday gifts, do you really want someone who received a gift from you to possibly to be embarrassed in a store if the card you gave him or her does not work? Do you want him or her to have to ask you to get a refund and buy another card?

3. Gift card number generators

Multiple researchers have noted that they have found a variety of gift card number generators promoted on social media. Gift card number generators are programs used to create fake gift card numbers for testing purposes, but some dishonest folks use them in an attempt to guess valid gift card numbers which they then either sell, or use to purchase goods without having to pay – both of which, are, of course, illegal. So, unless you are testing payment systems and interfaces as part of your job, you should probably never be using card number generators in the first place. Do not download them. Additionally, criminals also seek to exploit the fact that some people do download these tools – many copies found online suffer from malware infections; crooks know that someone infected by malware or ransomware installed when the victim downloaded and ran a, likely stolen, gift card number generator is unlikely to contact law enforcement.

4. Fake coupons and discounts

Social media is loaded with links to fake deals and coupons; once a single person posts a fake deal or coupon, social media can help amplify that “amazing (mis)information,” and make it go viral. Various social media platforms have taken action to curtail the number of accounts originating such scams, but one can still find plenty of social media accounts with names like “Macys Coupons,” (sic.) that simply direct people searching for coupons to particular URLs. Be careful. Links shared on social media can point to phishing sites, or to sites delivering malware, advertisements, or other undesired material. Keep in mind that people are often gullible, and social media accounts are regularly hacked, so, beware even if a close friend is sharing a “deal” or “coupon.” Other forms of fake discounts include social media posts that link to sites that advertise discounted merchandise for sale and request payment information prior to shipping out the items sold – but, which, are simply scam sites collecting credit card data, whose operators have no intent of ever delivering  anything to buyers.

5. Impersonation apps

Beware impersonation shopping apps – smartphone and tablet apps that appear to be official apps of major brands, but which are not. Such apps are present in multiple appstores, creating a major risk to shoppers – and criminals are using social media to promote these dangerous apps. (A couple years ago, the SecureMySocial team even found what appeared to be paid promotions in appstores for such apps!) Before clicking a social media link and downloading any shopping app from any appstore make sure that the app is described and linked-to from the brand’s official social media profile or website. (Theoretically, it is possible that a hacker could compromise those accounts or sites and create such links – but doing so is much more difficult to do than posting a fake app, and is also a lot more likely to be noticed and addressed quickly than is a scenario in which someone created and published a “save on some-brand-name” app in an appstore and promoted it on social media). Also, please keep in mind that some rogue links that appear to be to app download sites may, instead, be to sites that spread malware.

6. Fake news stories

While fake news has trended as a political topic numerous times in recent years, fake news poses other risks, including that it is not hard for a criminal to write, or copy, fake news stories that are likely to go viral due to their headlines, and to place such stories on a website that distributes malware, or to create a site for such a purpose from the get go. Fake stories about amazing gifts, deals, discounts, or offerings can be especially effective during holiday shopping season. If a story sounds outlandish, Google it to see if any established media venues can corroborate it. If none do, proceed with extreme caution – or, better yet, do not proceed.

7. Exploiting trending hashtags

Many scammers leverage popular hashtags in order to make sure that their posts are seen by as wide an audience as possible. The fact that a post contains a trending hashtag does not, in any way, indicate that the post is not dangerous. It could still point to malware, to a fake app, or to a phishing site. As such, do not trust a post just because it appears in the search results for a particular hashtag or keyword – trusting it is precisely what scammers hope that you do.

Stay safe, and Happy Holidays!

Continue Reading

More in CyberSecurity




* indicates required