TechPhishing alert: Facebook contests used to steal personal data

Phishing alert: Facebook contests used to steal personal data

CSIRT NASK warns about scams on Facebook
CSIRT NASK warns about scams on Facebook
Images source: © Getty Images | SOPA Images
Oskar Ziomek

15 September 2024 18:32

Police draw attention to ongoing phishing campaigns that are encountered on Facebook. In these cases, scammers use the pretext of a competition with the alleged possibility of receiving a cash prize. An unusual element of the scam is an instruction with a link posted in the comments section of the post.

The scam begins with a tempting post on Facebook, suggesting that users can win a competition and receive a cash prize. The instructions are provided in the comments section of the post. The theoretical steps users are asked to follow include visiting the site via the provided link, commenting on the publication (which likely increases its reach), and completing these steps within 12 hours. Of course, the entire story is a fabrication.

The critical element is visiting the site linked in the comment. The attackers use this site to extract data from potential victims. Depending on the case, this can be at least personal data, but most often also payment card numbers, possibly under the pretext of confirming identity or "receiving a transfer" related to the competition. Naturally, these steps are merely components of the scam.

If the fraudster obtains the victim's data in this manner, they could make purchases at the victim's expense or, potentially worse, attempt to take out a loan in their name or subscribe them to unwanted services. In such cases, small amounts might regularly disappear from the account, which is generally harder to notice, especially if the bank account is not checked daily. Having a protected PESEL could potentially protect against unauthorised loan attempts.

As always, we remind you that attractive-sounding offers found online should, as a rule, arouse suspicion. Without reflection, it is difficult to assume that we are genuinely entitled to a five-figure sum as a prize in a social media competition we had not heard of before. Unfortunately, these scams can be effective in reality. We appeal for caution, encouraging a sceptical approach to such offers and being fully aware of where we provide our data, mainly when this includes payment card numbers.

See also