Giveaway competitions on Facebook can be tempting, luring users in with the possibility of a freebie, but these posts are not always what they seem. Which? has identified a number of examples of fake competitions circulating on social media in recent months. These competitions are often run by scammers who create fake Facebook pages impersonating well-known brands. 'Winners' of these fake giveaways may be asked to hand over personal data and payment details in order to receive their freebie, after which fraudsters can use these details to perpetrate further scams. The good news is that it is usually possible to avoid the fakes on Facebook with just a few simple checks.
The prevalence of fake giveaways is significant. According to the Federal Trade Commission (FTC), 51% of fraud reports on social media started on Facebook in 2023. Facebook’s vast user base and engagement mechanisms make it a prime target for social engineering attacks, particularly those leveraging the allure of giveaways. While legitimate companies often use giveaways for marketing and brand awareness, malicious actors exploit this tactic to harvest personal data, spread malware, or perpetrate identity theft. Understanding the common tactics used by scammers is the first step in protecting oneself.
Common Tactics and Red Flags of Fake Giveaways
Scammers employ several predictable strategies to make their fake giveaways appear legitimate. Recognising these indicators can help users distinguish between genuine promotions and fraudulent schemes.
Impersonation of Well-Known Brands: A primary tactic involves creating fake Facebook pages that impersonate reputable companies. Scammers love impersonating big brands. A key verification step is to look for the blue checkmark next to the account’s name. If it is missing, it is a strong indicator to think twice before proceeding. Before entering any giveaway, especially one that requires personal information, it is crucial to verify the legitimacy of the page. A recommended practice is to message the legitimate company directly through their official, verified channel to confirm they are running a giveaway before sharing any private information.
Suspicious Account History: The age and activity level of a Facebook page can be telling. Does the account seem suspiciously fresh, with little content or history? Real brands usually have a consistent presence online. If the page has barely any posts, followers, or history, it is likely a scam. Legitimate brand pages are typically well-established and actively managed.
Grammatical Errors and Poor Quality: Errors in posts, captions, or messages are a dead giveaway. Official communications from established brands are generally professional and free from significant spelling or grammatical mistakes. Scammers, often operating hastily or from non-native language backgrounds, may produce content with noticeable errors.
Unrealistic Offers and Prizes: The fundamental question to ask is whether the deal is too good to be true. We would all love to live in a world where retailers suddenly give away hundreds of pricey laptops, vacuum cleaners, or designer kettles for free. However, if you see a competition or promotion on social media that seems too good to be true, it probably is. Before entering, consider whether the promotion is realistic. Retailers might give away one expensive item or a small number of them, for example, but they are not going to hand out masses of stock for nothing. If it sounds unlikely, trust your instincts.
The Scam Process: From Engagement to Exploitation
Fake Facebook giveaways often operate as multi-stage attack vectors. The process is designed to maximise engagement and then extract valuable data or money from victims.
Stage 1: The Compelling Offer: The initial stage involves creating a compelling yet ultimately deceptive offer, typically featuring high-value prizes to maximise engagement. For example, a user might scroll through Facebook and stumble upon a giveaway for a brand-new flatscreen TV. The rules of the giveaway are often to like, comment, and share the company’s content on your Facebook account to gain more entries into the giveaway.
Stage 2: Luring the Victim: After a certain timeframe, the scammer notifies the user that they have won the prize. At this point, the scammer will request personal information to "claim" the prize. This is where the exploitation begins.
Stage 3: Data and Financial Harvesting: The core motivations behind these scams are diverse: * Data Harvesting: Collection of Personally Identifiable Information (PII) such as name, email, phone number, and address for resale to marketing firms or for use in phishing attacks and identity theft. * Credential Harvesting: Tricking users into entering their Facebook login credentials on a fake login page, granting the scammers access to their accounts. * Financial Fraud: A common request is for payment details. The scammer may ask for a credit card number to cover a "shipping fee" for the free prize. At this point, if a user has not realised the giveaway is fake, they should recognise that a company asking for credit card information over social media is most likely illegitimate. A legitimate company will never ask for payment details to claim a free prize.
Stage 4: Further Propagation or Malware: In some cases, victims are lured into actions that further propagate the scam, such as liking/sharing the post, tagging friends, or joining fake groups. Other scams involve enticing users to click on malicious links disguised as entry forms or prize confirmation pages, leading to drive-by downloads and subsequent malware infections.
Specific Scam Variations and Other Facebook Frauds
While fake giveaways are prevalent, they are part of a broader ecosystem of Facebook scams. Awareness of other common frauds can provide a more complete picture of the threat landscape.
Charity Scams: It may be difficult for any altruistic person to believe that scammers would create fake charities to steal money, but it happens often on Facebook. Scammers create accounts to impersonate well-known charity websites and request donations for medical bills, natural disaster relief, local animal shelters, and many other causes. Before donating to any charitable cause on Facebook, it is essential to verify the charity’s legitimacy. This involves searching for the official website and verifying the person running the fundraiser. If the organizer is not legitimate, you should not give them any personal information or money and should report the scam.
Job Offer Scams: Fake job offers are another common lure on Facebook, promising high wages for minimal work or requiring upfront fees for "training materials."
Coupon Code Scams: Scammers may post fake coupon codes for popular retailers, directing users to phishing sites designed to steal login credentials or financial information.
Romance Scams: A romance scam occurs when a scammer creates a fake identity and expresses romantic interest over social media. While not a giveaway per se, it is a social engineering tactic that often begins with an unsolicited friend request and builds trust before eventually requesting money or personal details.
Mitigation and Response: What to Do If You Suspect a Scam
If you suspect you have encountered a fake giveaway or any other scam on Facebook, taking immediate action is crucial to mitigate potential damage.
Report the Post to Facebook: The first step is to report the malicious content. Click the three dots on the top right corner of the post and select ‘Report Post.’ Choose ‘Scam’ or ‘Fraud’ and provide a detailed explanation. This helps Facebook’s security teams identify and remove fraudulent content.
Secure Your Account: As a precautionary measure, change your Facebook password immediately if you have clicked on any suspicious links or entered any information. Enable two-factor authentication (2FA) for added security. Review and revoke any unnecessary permissions granted to third-party applications on Facebook.
Monitor for Unauthorised Activity: Keep a close eye on your email, bank accounts, and credit card statements for any signs of unauthorised activity. Consider enabling credit monitoring services from major credit bureaus to proactively detect any attempts at identity theft.
Scan for Malware: If you clicked on a malicious link, run a full system scan using reputable anti-malware software to detect and remove any potential infections.
Conclusion
Facebook giveaways, while often legitimate, present a significant security risk due to the prevalence of fraudulent schemes. By understanding the tactics employed by scammers—such as brand impersonation, unrealistic offers, and requests for personal or financial information—users can significantly reduce their risk of falling victim to these attacks. Vigilance, verification through official channels, and a healthy dose of scepticism are the most effective tools for navigating social media promotions safely. When in doubt, it is always better to err on the side of caution and avoid engaging with suspicious offers.