Holiday season has once again arrived, bringing joy, shopping, and... criminals trying to steal your money and identity. I strongly suggest that readers familiarize themselves with the scams that proliferate this time of year. Also, do not think that you are too smart to fall prey to a scam - the Better Business Bureau has pointed out that nearly 4 out of 5 North American scam victims has a college degree or graduate degree.
In addition to the scams described in the aforementioned articles, and the email-based scams that I described earlier this week, various social-media borne scams also target holiday shoppers. Here are some specific ones for which to watch out:
1. Fake surveys, giveaways, and contests
As I described in the article 8 Ways to Protect Yourself From Scams on Social Media, social media is full of scam giveaways, contests, and surveys. These scams are often customized for the holidays - so, for example, being that this season, Hatchimals are the "toy to get," you will likely see one or more scams that promise a prize of a Hatchimal for performing some action. (Ironically, I saw my first Hatchimal scam post just minutes after having lunch with someone who had just received one of the toys.) As described in the article Beware These 6 Holiday-Season Email Scams, during holiday season people are also especially likely to fall prey to scams involving fake shopping-related surveys that offer great rewards in exchange for participation. Criminals may contact intended victims by email - and our team at SecureMySocial has found plenty of posts shared on social media that appear intended (at least by their original author) to do the same. Be careful. Don't click links to surveys unless you are sure that they are safe; a survey appearing on the official, verified page of a brand, for example, is a lot more likely to be legitimate than one shared by a friend. (Also, don't be the friend who blindly shares information about a survey, contest, or giveaway.) Think about whether the reward for participating makes sense relative to the value of your participation to the party conducting the survey - if it seems too good to be true, it probably is.
2. Bogus gift card offers
As I mentioned in the piece 14 Dangerous Holiday Shopping Scams to Avoid, criminals often leverage holiday season as an opportunity to sell not only phony gift cards and stolen gift cards, but also legitimate gift cards purchased using stolen credit card numbers or obtained in the process of laundering money. As such, posts about discounted cards appear on social media - some may represent totally kosher offers, but a great number do not. Ideally, you should purchase gift cards directly from a card's vendor or from a store that you know is legitimate. Some third-party gift card markets offer money back guarantees if a card is not honored - but, in the case of holiday gifts, do you really want someone who received a gift from you to possibly to be embarrassed in a store if the card you gave him or her does not work? Do you want him or her to have to ask you to get a refund and buy another card?
3. Fake gift card number generators
Researchers atZeroFOX have found a variety of gift card number generators promoted on social media. Gift card number generators are programs used to create fake gift card numbers for testing purposes, but some people use them in an attempt to guess valid gift card numbers which they then use to purchase goods without having to pay - which is, of course, illegal. So, unless you are testing payment systems and interfaces as part of your job, you should probably never be using card number generators in the first place. That said, criminals clearly seek to exploit the fact that some people do use them; crooks also know that someone infected by malware or ransomware installed by a gift card number generator being used for illegal purposes is unlikely to contact law enforcement.
4. Fake coupons and discounts
As was the case during last year's holiday shopping season, social media is loaded with links to fake deals and coupons; once one person posts a fake deal or coupon, social media can help that "amazing (mis)information" go viral. ZeroFOX researchers also found Twitter accounts with no followers or following (probably to keep the accounts "under the radar" so that Twitter does not delete them), but with names like "Macys Coupon," (sic.) that simply direct people searching for coupons to particular URLs in their "bios." Be careful. Links shared on social media can point to phishing sites, or to sites delivering malware, advertisements, or other undesired material. Keep in mind that people are often gullible, and their social media accounts can be hacked, so, even if it is a trusted friend is sharing a "deal" or "coupon" be careful. Other forms of fake discounts include social media posts that link to sites that advertise discounted merchandise and request payment information -- but, which, naturally, never deliver the goods.
5. Fake apps
As I discussed last month, one scam on the rise this year is that of fake shopping apps - smartphone and tablet apps that appear to be from major brands, but are not. These apps are present in multiple appstores, creating a major risk to shoppers - and criminals are using social media to promote these dangerous apps. (The SecureMySocial team even found what appeared to be paid promotions for such apps!) Before clicking a social media link and downloading any shopping app from any appstore make sure that the app is described and linked-to from the brand's official social media profile or website. (Theoretically, it is possible that a hacker could compromise those accounts or site and create the link - but that is a lot harder to do, and a lot more likely to be caught quickly than creating and publishing a "save on some-brand-name" app in an appstore and promoting it on social media). Also, keep in mind that links to such apps from social media might not even go to the apps - they may go to sites distributing malware or sites phishing Google, Apple, or other credentials .
6. Fake news stories
While fake news has been covered in the real news quite a bit in recent days due to its possible impact on the recent election, fake news poses other risks, including that it is not hard for a criminal to write, or copy, fake news stories that are likely to go viral due to their headlines, and to place such stories on a website that distributes malware, or to create a site for such a purpose from the get go. Fake stories about amazing gifts, deals, discounts, or offerings can be especially effective during holiday shopping season. If a story sounds outlandish, Google it to see if any established media venues can corroborate it.
One other warning - like legitimate social media users, many scammers leverage popular hashtags in order to make sure that their posts are seen by as wide an audience as possible. Don't trust a post just because it appears in the search results for a particular hashtag or keyword - trusting it is precisely what scammers want you to do.
Besides following the aforementioned advice to avoid the social-media-borne scams running wild right now, I also strongly suggest that you familiarize yourself with ways to secure your social media accounts. Please see the article How to Be Better at Social Media Than Mark Zuckerberg for some tips.