Yaroslav Olieinikov/Getty Images
Free iPad giveaway? Sign me up! But wait—before you click that sweepstakes link, ask yourself whether it seems real. In this bank scam, many fraudsters create fake giveaways to fool users into sharing personal information like a credit card number or clicking a link that could download a virus onto their phones or computers. These frauds can also take place in the form of Instagram scams.
That said, there are legitimate sweepstakes, raffles and giveaways. “But there’s usually an end goal there,” Velasquez says. Most companies are hoping that the promise of a free iPad (or flight or jewelry) will entice you enough to, say, sign up for a newsletter or buy a product.
In these cases, before you give any personal information to a company, weigh the chances of winning with what you’ll lose once the company knows your email address or phone number. If the company doesn’t store your information securely, hackers could gain access to it and use it for fraud or sell it on the Dark Web. Here’s what you should know about fake ads on social media.
Facebook quiz scams
Your friend just found out what ’80s pop star is their spirit animal, and now you can’t wait to find out yours. Don’t let your curiosity get the better of you, though. Some Facebook quizzes will ask for access to your profile, and others will even go a step further by throwing trick questions into the quiz itself, says Adam Levin, founder of global identity protection and data risk services firm CyberScout and author of Swiped.
Questions like “What’s your mother’s maiden name?” are “purely to gather information because … they could be the answers to security questions” to recover your password, he says. Once hackers have this information, they can use Facebook’s password recovery process to log in to your Facebook account.
It’s best to avoid these quizzes altogether. But if you do want to take a quiz on Facebook, stick to the sites you know and trust, and create fake answers for password recovery questions so they’re hard to crack, says Levin. It might be easy enough for Facebook scams to figure out your mother’s maiden name, so leave an easy-to-remember lie instead. You might be surprised by what hackers can do with just your email address or phone number.
Jetta Productions Inc/Getty Images
Be skeptical if you receive a friend request from someone you could have sworn already had a Facebook page. Sure, some people like to clean house by ditching their old profiles, but other friend requests aren’t so innocent. Scammers will clone a person’s entire Facebook profile, creating a fake profile of a real person.
From there, they can search the original user’s friends list and send their contacts a link for a get-rich-quick scheme or a cute quote. It’s the kind of thing you’d ignore from an anonymous email message, but not from a loyal friend. “They’re banking on the fact that you will trust the message,” says Levin. The problem is, clicking that link could download malware to your computer.
Before you accept a weird friend request, shoot over a text or call the person to confirm it’s not a fake account. Learning how to hide your friends list on Facebook can also protect your contacts if you fall victim to this scam in the future.
Even if you haven’t received a new request, don’t immediately trust a message from a friend you can’t see face-to-face. Hackers can find a person’s password and break into their account, then send spoofing messages or posts to their friends asking them for money or other gifts. The messages are designed to tap into your emotions, causing you to panic and send the money without fully thinking it through.
In addition to using a friend’s profile to carry out a spoofing attack, scammers might impersonate famous people or organizations too. For example, there are dozens of accounts posing as Facebook CEO Mark Zuckerberg, sending users messages with claims that they’ve won money in a “Facebook lottery” and need to send gift cards to claim their winnings. Once they receive the gift cards, the fraudsters disappear.
Have a nice day Photo/Shutterstock
With “cloning” of social media profiles on the rise, it makes sense to be aware that it might happen to you too. But don’t believe friends automatically. Reportedly, the same exact message has been sent to countless Facebook users, directly from another friend, but it’s a hoax: “Hi … I actually got another friend request from you yesterday … which I ignored so you may want to check your account. Hold your finger on the message until the forward button appears … then hit forward and all the people you want to forward too … I had to do the people individually. Good Luck!”
While forwarding the message won’t spread malware, it does mean you’re unnecessarily spamming the inbox of everyone you know. Instead, search your own name for an identical account to yours, and ask friends if they’ve had any fishy requests from you. Report the fake profile if the warning is legitimate and ignore the message if there doesn’t seem to be a threat.
Fake coupon codes
Liking a store’s or restaurant’s fan page—or even keeping an eye on the ads—can be a great way to stay in the loop when there’s a sale or discounted offering. (But if you don’t love them, find out how to turn off creepy Facebook ads.) If a post shows a promo code and it works, lucky you! You just saved some cash. But be skeptical if you need to give personal information or create an account to unlock the savings. In some Facebook scams, a site poses as a real store but is looking to convince you to share your email address (which can be used in phishing attacks) or other personal information like your credit card number or SSN, putting you at risk of identity theft.
You can avoid these scams by doing your own research on the sale or advertisement. “Open a new browser tab and Google” the store’s official website, says Velasquez. “Go to the source and see what’s going on.” If there’s a genuine promotion, you can bet the store’s official site will let you know.