Beware of Facebook contest scams: Phishing for personal data
7:32 PM EDT, September 15, 2024
Police are drawing attention to ongoing phishing campaigns that can be encountered on Facebook. In this case, scammers use the theme of a contest and the possibility of receiving a cash prize. An unusual element is the instruction with a link posted in the comment of the post.
The scam begins with an enticing post on Facebook, suggesting a contest win and the ability to receive a cash prize. The instruction is provided in the comment to the post. Users theoretically have a few steps to complete, including visiting the site provided in the link, appropriately commenting on the publication (which most likely also affects its reach), and completing these steps within 12 hours. Of course, the whole story is fabricated.
The key point is visiting the site linked in the comment. In this fabricated scenario, the attackers use this method to phish data from potential victims. Depending on the case, this can include at least personal data, but most often also payment card numbers, even under the pretext of confirming identity or "receiving a transfer" related to the mentioned contest. Naturally, in practice, these steps are just part of the scam.
If the scammer gains possession of the victim's data in this way, they can at best make purchases at the victim's expense, or in worse cases, try to take out a loan in their name or enroll them in an unwanted subscription service. Regular, smaller amounts could then be deducted from the account, which is generally harder to notice, especially if one does not monitor their bank account daily.
As always, we remind you that attractive-sounding offers found online should generally raise our suspicions. It's hard to believe unreflectively that we deserve a five-figure amount as a prize in a contest conducted on social media that we've heard nothing about until now. Unfortunately, such scams can be quite effective. We appeal for caution, urging you to approach all offers of this sort with skepticism and full awareness of where you provide your data, especially when it includes payment card numbers.