"Free iPhone X" scams on a rise: Beware of fake giveaways

by Ugnius Kiguolis - -

Do not fall for “free iPhone x” scams on Facebook, Instagram or Twitter!

iPhone X scams on a rise

Receiving a free iPhone X in exchange for a click on a particular link or liking a page on Facebook may sound like a deal, however, believing that someone gives free stuff nowadays is simply naive. Chances are, attempts to participate in such giveaways will simply result in a computer infection or add you to fraudsters’ contact lists which later can be used to perform social engineering attacks or send malware-laden emails to you.

The launch of the new iPhone X is just around the corner[1], and everyone’s excited about the new smartphone that has the outstanding Animoji feature. Undoubtedly, its price isn’t something we are happy about, and not everyone has a spare $999 to spend for a new iPhone[2]. Cybercriminals are ready to exploit the hype over the new smart device, creating hundreds of fake accounts on Instagram, Twitter, and of course, Facebook.

It appears that fraudsters are establishing fraudulent social media pages and accounts to announce fake giveaways. Typical social engineering attack involves a post that suggests performing several simple steps in order to participate in a giveaway. Usually, victims are asked to like the post, comment on it and share it as well.

The fact that fraudsters are promising hundreds of free iPhone X accounts should cause suspicion, especially when the social media page or account barely has few hundred or thousand likes on it.

Reasons why scammers promise free products

There are three main reasons why cybercriminals take advantage of the iPhone X hype. First of all, they can trick iPhone fans into clicking malicious links they provide.[3] This way, they can make the victim visit any page they want, including phishing, data-stealing or malware-laden websites. Keep in mind that Locky, Cerber and Magniber ransomware[4] are extremely active nowadays, therefore you should be extremely careful when clicking suspicious links leading to external websites.

Also, you can get redirected to websites asking for your personal data (name, surname, email address and other details). Of course, scammers will justify the collection of such data by saying that they need it in order to contact the winners of the “free iPhones,” sadly, such details are going to be used in future social engineering attacks.

For example, you might receive a fake message via email asking to open “important attachment” from your local bank or another organization you’re familiar with. Failure to identify the deception can lure you into opening the malicious attachment which can contain highly dangerous software such as Trojans, ransomware or similar.

Finally, fraudsters collect likes and followers on certain social media pages so that they could use them for further illegal projects. Often, such pages collect thousands of likes and then appear on dark web forums for sale. With such amount of followers, these deceptive pages can be efficiently used in the distribution of malicious links.

Facebook malware and scams are on a rise

Facebook scams, hoaxes and malware are on the rise, and the social media platform proves to be scammers’ favorite place to hunt for unsuspecting victims. Currently, you should be aware of these three most popular scams and Facebook viruses promoted on the popular social network:

  • Faceliker virus. Beware of this new malware form that sneaks into the victim’s computer after the visitation of a deceptive website. Faceliker Trojan then manipulates user’s likes on Facebook and boosts specific pages, fake news or links instead of liking content preferred by the victim.

    You can check for the existence of this malware after noticing suspicious pages appearing on your news feed. You can just go into your activity log and check whether there are any suspicious activities recorded. Afterward, a thorough system scan and a change of Facebook passwords are recommended.

  • Facebook Ryanair scam. This new scam promises free airline tickets, asking victims to enter a lot of personally-identifiable details into provided forms on phishing websites. These posts do not come from official Ryanair’s Facebook page and cause significant risk to user’s privacy. Once again, it is one of those scams that promise free stuff to users, asking for extremely valuable data in return.
  • Facebook video virus. This scam has been known for months already; however, there are hundreds of users still falling for it. The virus spreads via accounts of people who already clicked on malicious links. Compromised accounts send the malicious link to their friends, asking to view a particular video. In most cases, these videos are called “private video,” “hahaha,” or similar.

    Clicking on it leads the victim to a deceptive page which may install malware immediately or will ask to install a certain plug-in or an application in order to view the “video.”

About the author

Ugnius Kiguolis
Ugnius Kiguolis - The problem solver

Ugnius Kiguolis is the founder and editor-in-chief of UGetFix. He is a professional security specialist and malware analyst who has been working in IT industry for over 20 years.

Contact Ugnius Kiguolis
About the company Esolutions

References