/ Shopping, Technology

Update: have you fallen for a scam promotion on social media?

Online voucher

Sophisticated social media scams are becoming a real concern. Not only do they pose an obvious risk to users of social networks, such as Facebook, but they’re alarmingly effective.

How do we know they’re effective? Because if they hadn’t worked, we wouldn’t be seeing them.

It’s easy to be sucked in when you see friends and family purporting these scams, but the people you trust the most are obliviously doing the fraudsters’ bidding.

How is this happening?

Dodgy social media posts spread like a virus – the scammers will often give you an incentive to click through, usually promising something for nothing, such as in the two examples we spotted (below).

Morrisons promotion scamEasyjet promotion scam

The posts have been cunningly designed to appear genuine, using official brand logos and, in the case of the Morrisons example, even going into T&Cs – right down to what the cashier should do with the ‘coupon’.

But it’s the way the scam reaches you that’s the clever part. Both these posts reached Which? staff members’ Facebook feeds by being shared by family members.

The wording ‘thanks for my gift coupon’ even makes it appear that the person you know was successful in using it, but this has been placed there by the fraudsters. The scam has practically arrived with an endorsement from someone you know well, making it all the more convincing.

Unbeknownst to the victim, clicking on these links sends your personal information to third parties, while also triggering the ‘share’ with all your friends, and on it travels.

A problem shared

Shares and likes are the currency when it comes to Facebook scams. Hoax-Slayer spotted this page (below).

British Airways scam post

The post from scammers posing as ‘British Airway’ has been designed to amass as many likes as possible, in order for it to be used for other scam campaigns (or even sold on a black market to other scammers!).

Update: 10 November 2016

Be warned! These promotions and competition scams are continuing to ‘do the rounds’ on social media. Today we’ve been made aware of an ‘Emirates’ promotion being circulated on WhatsApp, the smartphone messaging app.

This promotional message is sent straight to victims’ phones via the app. The message calls on recipients to click the link in order to claim two free tickets for an Emirates flight, made to look like the real deal with the airline’s website ’emirates.com’ at the top of the message and an image of the apparent two tickets up for grabs.

If you click the link to ‘claim’ your tickets you’re then taken to survey for you to complete in order to proceed.

Whatsapp Emirates scam

Whatsapp message

Scam survey

Scam survey

 

 

We’ve alerted Emirates to this scam promotion. We’re worried that these scams just aren’t going away and even more concerning they’re looking more convincing too.

Keeping safe

Remember to always keep a close eye on what you’re clicking on when you’re browsing your social media timelines – even if it arrives by what you think is a legitimate source.

We’d advise closely inspecting any URLs you aren’t sure about, quickly Googling the ‘promotion’, or simply asking your friend or family member if they meant to share the post. It may be an old cliché, but if it looks too good to be true, it probably is.

Have you spotted any dodgy social media posts? Do you think social networks, such as Facebook and Twitter, should do more to get rid of them from their platforms?

Comments
Member

I do not use the social media relating to all the most popular websites but I am highly interested in those who do because from years of gathering security information from all tech. websites in this country but mostly abroad it seems those using them are very lax in their self security and get “carried away ” with giving out information to others . I am not taking into account that everything you input on them ends up with third parties for use for profit one way or another because that is taken as read but honestly hackers themselves think that those who inhabit them arent too knowledgeable about what can happen on the web. They think they are “easy meat ” all sorts of rip-off scams are perpetuated , so this will be a sort of “Gallup Poll ” on the British Publics attitude when communicating on them . It is those websites business to put forward a “friendly , social approach , and inviting to draw in more “customers ” but that to me is like the spider to the fly -come into my parlour and they did . This is mirrored in many posts in the banking Convo where many blame the banks for lack of security although others blame the users. It boils down to money to protect in any business ,so will those multi- $Billion giants of the Internet pay out to protect their clients or does profit come before security ?

Member

I notice George mentions checking the URL , there is an add-on that can be applied to browsers called “Clean Links ” which I have on my main browser for general use . It is designed to convert obfuscated/nested links to genuine plain clean links , it also allows to remove affiliate /tracking tags from URL,s .It can be added to Firefox directly and also if you visit github.com I would NOT advise you to download it from cnet.com /download.com .

Member

I like your ‘Clean Links’ Duncan.

I got an email from the BBC yesterday entitled Changes to your BBC iD account. If I have received emails from BBC iD before, I don’t remember them.

Hovering over links the URLs start click.e.bbcmail.co.uk. Are they meant to confuse you into thinking they are the real BBC?

There is a line that says: ‘If you are concerned that this is not a genuine email sent from the BBC we have created an FAQ page on our website explaining why you are receiving it.’ Ahh, the reassuring line……..

Then another sentence: ‘You’re receiving this transactional email message because you registered for a BBC account.’ The giveaway line that this is really spam?

But a search takes you to a real BBC page entitled: I’ve received a ‘Changes to your BBC account’ email claiming to be from the BBC – is this a genuine email?’ And it appears it is genuine after all.

It has been said before, companies could do a lot to help themselves and us by not using confusing links.

Member

Thank you Alfa , my mind is always on “protectionism ” when it comes to the Web. I have fought many a battle against all sorts of malware, official or otherwise and ,to me, its a continuing “war ” against it. Getting rid of Windows was a major help.

Member

I received the same e-mail this morning. That they have to go to so much trouble explaining that their message is not spam or a scam shows how contaminated the web is now. The more the BBC tried to convince me that their e-mail was genuine the more suspicious I became because those tactics are used by scammers themselves. I was still not 100% convinced but I gave it a go anyway as I could not find anything dubious about the text, style, or presentation. At the end of the exercise I could not really understand what benefit there was from being signed in to an account because I don’t want their e-mails anyway.

Member

When you sign into an account you are saying its okay for the website to contact you with “offers ” , for it to track you over the web and use you to build up a “picture ” of what you like /buy/ and watch. It does so, so that it can “target ” you and it provides info as to the number and location etc of people that are interested in its website and business. The BBC for example has a lot of trackers and even if you delete them onsite one “bounces back ” again , you have to delete it after you leave the website , it also uses javascript and because I block it usually ( not from Which ) I either get plain text or a blank page so I get limited in the full function of the website . But it is no different from my ISP BT , if I dont allow it to track me I cant log-in or access my emails relating to BT Mail directly only using an email client , and if I dont directly access the email site , after so many months I lose the service as it loses revenue from not tracking me ( well the US company who own it does) . There is a lot more but I have been told I am boring in that direction .

Member

I get so little unwanted stuff via the internet that I am not overly bothered about trackers. My browsing history is probably a lot more boring than yours, Duncan. I have opted out of 90% of the content the BBC offers and chosen not to receive their e-mails so my inbox will not be burdened. I find the organisations I deal with do what I tell them when I no longer wish to hear from them. My browsing and internet activity is limited to just a handful of carefully selected websites. I seem to be completely unsusceptible to click-bait which I think both wastes a lot of people’s time and exposes them to unwanted follow-ups.

Member