Social Media Scams

Fake competitions are common on social media. They make us dream - and seem so simple to enter.

These posts appear to be from well known brands with luxury prizes such as free flights, phones, or gift cards.

On Facebook they take the form of posts asking you to like, share, and comment, whilst on messaging apps (such as WhatsApp or Facebook Messenger) they're often a web link sent by a friend.

Who's behind these?

More often than not there's a financial motive behind these. Those that spread through messaging apps are often trying to entice people to visit a phishing website to capture personal details; for Facebook and Twitter, the aim is often to gather as many likes or retweets as possible, before selling control of the account to someone who wants a huge ready-made audience.

Entrants to these fake Facebook competitions may also be sent private messages asking them to confirm their identity, for example by sending over their credit card details.

How to spot these?

If something seems too good to be true, it often is! One problem though is that many (often small) businesses do sometimes run legitimate competitions as a form of advertising.

So how can you tell the real ones from the fake ones?

• Blue tick: Check if the account has a blue "verified" tick by the name (or an emoji on Snapchat) - all official accounts have this.
• Brand name: Look for slight variations in the account name compared to the genuine brand - has a fullstop been added? Has an extra word been used such as "Holidays" or "Shop"?
• Account history: Check for other posts made by that account - whilst there may be a couple to help make it look genuine, scroll back quite far. These accounts are often only a few days old.
• Beware of phishing: Don't click on any link in a message unless you truly know where it goes. See our guidance on how to spot phishing.
• Personal details: Never ever giveaway your personal or credit card details as part of any competition!

---

Friend spoofing is a rare but growing trend. In this scam, a fraudster will copy someone's social media profile (creating a new account with their name & photo) and send new friend requests out to everyone on that person's friends list.

For anyone who accepts the request - possibly on the assumption that their friend had a technical issue and are simply re-connecting - then the fraudster will try to engage them in a conversation. They'll try to exploit the trust that the victim has (who think they're talking to their friend) and "phish" for personal information, or potentially even claim to be stranded abroad and ask for a loan.

How can I spot these?

If you do receive a connection request from someone you're already friends with then be suspicious. Differences in the language they use, getting facts wrong, or even just your gut feel, may all add to your suspicions.

Never give much personal information away if you are suspicious, and never transfer any money (no matter how convincing the story!). Contact your friend via a different method (such as email) to check that it really is them. If that's not an option then gently test their knowledge of your friendship, or click on their profile and check that out.

If you ever discover a spoof account then alert the person who's account has been cloned, warn any friends, and report it to the social media platform they're using. Fraudsters only need a small number of victims to make it worthwhile.

How can I stop my account being cloned?

To increase their chances of fooling people fraudsters will only clone accounts they can view in full and learn about the person from. Make sure this isn't you - tighten up your privacy settings, and ensure your friends list isn't publically visible.

---

Not all scams are driven by money - some are created purely for mischief!

We all want to stay safe - and we want our friends to stay safe too - so any messages with a warning of danger have the potential to go viral. We get a feel good kick from sharing these, thinking we're helping others.

Hoaxes are incredibly varied with some even being circulated for years. The Martinelli hoax (see the images to the right) is very common, as is another warning about eggs being thrown at your car windscreen.

How to spot these?

In this era of Fake News it can be difficult to tell what is real and what isn't. Common tell-tale signs of hoaxes are messages that claim to be a warning of something, ones that actively encourage us to share it with friends, and any which (often) are written in poor English.

Many hoaxes can be confirmed as fake simply by doing a web search for a few key words from the message. The websites Truth or Fiction? and Snopes can be great resources to check too.

If you see a friend sharing one of these then quietly let them know you think it's a hoax (maybe include a link to a story that debunks it) so they can remove the post. Don't embarrass anyone by laughing at them for falling for it - remember they thought they were doing you a favour by warning you!

---

If you're a Facebook or Instagram user these posts will probably be familiar - an advert for Ray Ban glasses with 90% off, posted to your friend's newsfeed by a friend of theirs.

The aim of this scam is to lure you to their website to buy glasses, stealing your credit card details in the process.

How to spot these?

Fortunately these adverts are easy to spot - they're very simple in design, and offer huge (often 90%) discounts. The web address they display is also not the real Ray Ban website.

Whilst these specific adverts are for Ray Ban other brands can be targetted too. If you ever see any offer that looks too good to be true then be suspicious!

How do I avoid these ads appearing on my feed?

The adverts make use of hacked social media accounts, likely due to a virus. To protect yourself and prevent your account from being used to post these it's worth reviewing your account's security settings:

• Ensure you have a strong password;
• Add an extra security check to your login;
• Review which apps have access to your account.

For Facebook users we have an in-depth "How To" article with a step-by-step guide to securing your Facebook account.

What if my account is already spamming these?

If a friend has reported that your account is sending these then immediately review your account security settings - change your password and add a second factor login. You can also review who's logged into your account and remove their access.

For Facebook users, see our guide for what to do if your Facebook account has been hacked.

---

When you're using social media sites it's likely that you're guard is down somewhat; after all it's reasonable to expect that these tech giants will block anything malicious isn't it?

Unfortunately though that's not quite true. Despite the vast efforts of the likes of Twitter & Facebook to eradicate malicious content, some do still appear. One such example are web links that, when opened, infect your computer with a virus.

These are often in posts that are specifically designed to grab your attention. When you click the link you'll be taken to a malicious website where your computer (or phone) will download a virus. At first you may not notice anything amiss - the page you visit might be what you expect, encouraging you to share it with your friends too.

How to spot these?

These posts are designed to grab your attention and make you want to click through - they're a form of what is known a "clickbait". They may be deliberately controversial, they might announce a celebrity death, or they could lure you in with a tempting competition.

If you see any post like this then resist the urge to click it, no matter how tempting it is. If it claims to be a breaking news story (such as a celebrity death) then use a search engine instead and check if it really is true or not.