Fake Gift Card fan pages and groups are certainly not new to Facebook. These deceptive pages have been a thorn in Facebooks side for a long time. Most of them are designed to look similar to a corporate offer, such as the $1000 Best Buy Gift Card, and entice those who arrive on the page with a sweet deal. Even the most savvy internet users often fall for the scheme.
Most of these schemes are run similar to the clickjacking pages we mentioned last month. Those arriving on the page are told they either need to "Like" the page to receive the offered "gift" or invite X number of friends. The sheer volume of "Invite your friend" offers that have circulated in the past has many Facebook users wary of such schemes. This loss of potential targets has the schemers moving in new and inventive directions such as clickjacking, and down right compromising user accounts.
Keep in mind, a user must at some point have clicked on something that transferred information to a potential hacker, in order to have their account compromised. It could have been a downloading a file containing trojan software or providing sensitive personal information somewhere they thought was secure. Either of these could give someone access to your computer and Facebook account without your permission.
The latest scheme rearing its ugly head is the creation of Gift Card and electronic giveaway "Events". These events appear to your friends as though you have not only referred them and endorsed the event, but actually created it as well. Events on Facebook detail who the creator is, causing friends to automatically believe the scheme.
For example, I received two such event notifications today, both from the same friend. I immediately suspected his account had been compromised and brought it to his attention, but the damage had been done – the event was sent out to hundreds of his friends.
The first event, a $1000 Best Buy Gift Card giveaway was removed very quickly by Facebook, and I was unable to take a screenshot of it for you all. I did still have a copy of the email sent though, shown below:
The second event was for a free iPad, and gave instructions to those wanting one that they needed to enter their email address and shipping address into a off-Facebook webpage, and then wait 3-5 days for their iPad to arrive.
In a recent article on PCWorld.com, Robert McMillan of IDGNews.net wrote:
In the past months, fan pages have popped up all over the social networking site, offering too-good-to-be-true gift cards. There's the $500 Whole Foods card, the $10 Walmart offer, and the $1,000 Ikea gift card. The Ikea page put these gift card scams on the map last month, when it quickly racked up more than 70,000 fans before being snuffed. Facebook has also taken down Target and iTunes gift card scam pages in the past few months.
The purpose of these schemes is to gather either personal information from users, or to deceive them into completing some sort of affiliate offer. Many of the offers are offered by legitimate affiliate marketing companies, but the methods these unscrupulous affiliates use to get you to do what they want is a major underlying problem. Much of the information they gather either ends up costing you money or could lead to identity theft.
Facebook users need to be not only wary, but vigilant about what they click; especially on social networks such as Facebook. Trojans can be downloaded unknowingly anywhere and then used against you to deceive hundreds and/or thousands of people. A good quality Anti Virus program will help combat those that slip through your radar.
Real corporate offers will also have highly professional fan pages, and they most certainly will not be directing you to a $0.99 .info domain name. "Like" buttons are embedded into a well designed page – not a plain white blank page. Check carefully though as many of these plain pages may show comments from supposed users claiming the event offer "worked".
Dig around a little first. If the offer is legitimate, it will still be there after you take a few more minutes to check it out first.
Read original blog post