A week ago, a friend tagged me in a giveaway post of a local coffee shop.
Anyone who knows me will know that as far as hobbies go, I’m just as crazy about espresso as I am about intelligence.
This morning, I got a message that I had WON, and almost believed it too.
Naturally, I clicked the message in my Instagram inbox. I quickly verified the sender by looking at the icon. They matched up, and at a glance, the usernames were the same, so I read the message.
Red flags began popping up the more I read.
The message started off by telling me how lucky I was to have won. “Wow”, I thought, “I am lucky. I hardly ever win these things!”
Then it gave me instructions about how to sign up for some required service. It also provided a link. The link went to a page that asked for a credit card. (NOT a page for the coffee shop – even though the link appeared to be related to the legitimate business.)
Lastly, the message ended by mentioning a 60-minute window to claim my prize, a few typos, and a final reminder of how lucky I was.
I immediately take a step back, and reassess whenever a message includes:
2. typographical errors, or phrasing that seems off, or
3. links (even more so if the page asks me for a credit card!)
As we say at the Patent Office, this required further search and consideration.
What better place to start than the source? So I went back to the bio of the account that sent the message.
Spoofing is very common in email and social media based attacks.
Lo and behold, the account names did not match. But they were close… so close that I missed it the first time. This is a common technique used by cyber criminals called “spoofing”. By changing just one character toward the end of an account name, email, domain name, etc., a bad actor can make you think they are legit.
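The eye skips over a one-character change, but a small script does not. The following is an added example, not part of the original post: it compares a sender's handle against the handle you already trust and flags near-matches. Every handle in it is constructed for illustration, and the function names and the two-edit threshold are assumptions.

```python
# Added example: flag account names that nearly match a trusted one.
# Characters that are easy to misread, or that only pad a handle out.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "5": "s", "_": "", ".": ""})

def skeleton(handle):
    """Collapse look-alike characters so 'espress0' and 'espresso' compare equal."""
    h = handle.lower().translate(CONFUSABLES)
    return h.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Count inserts, deletes, substitutions and swaps of adjacent characters."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = min(prev[j - 1] + (ca != cb), prev[j] + 1, cur[j - 1] + 1)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, prev2[j - 2] + 1)  # adjacent swap
            cur.append(cost)
        prev2, prev = prev, cur
    return prev[-1]

def check_sender(sender, trusted, max_edits=2):
    """Return 'match', 'lookalike' or 'unrelated' for a sender handle."""
    s, t = sender.lstrip("@").lower(), trusted.lstrip("@").lower()
    if s == t:
        return "match"
    # Same skeleton or only a couple of edits away: close enough to fool a glance.
    if skeleton(s) == skeleton(t) or edit_distance(s, t) <= max_edits:
        return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    trusted = "@corner_espresso_bar"  # constructed handle
    for sender in ("@corner_espresso_bar", "@corner_espresso_barr",
                   "@corner_espress0_bar", "@city_tea_house"):
        print(f"{sender:24} {check_sender(sender, trusted)}")
```

A "lookalike" result is the cue to open the sender's profile and compare it with the account you actually follow before reading any further.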
In 2021, over 95,000 people reported being scammed through social media.
It typically starts with a message, a post or an ad. One click leads to another and you’re entering credit card or account information, thinking you will win big.
They tell you that you’re lucky and you want to believe that, so you go along with it. It’s not just you though. The Federal Trade Commission (FTC) estimated that in 2021, total losses were close to $770 million.
Think before you click!
Whenever you get an email, DM or other personal message that has any of these red flags:
🚩 Stressed time sensitivities
🚩 Typographical or grammatical errors
🚩 Links to other pages (especially ones asking YOU to pay for winning)
… take the time to carefully consider the source, even if they are promising a free espresso machine! ☕️