A glut of phishing emails and fake ads about dodgy investment schemes using an image of Martin Lewis, a UK consumer champion, is hitting inboxes at pace. The emails are prolific and tens of thousands are believed to have been sent.
It’s a typical ‘celebrity’ scam in which an image of a well-known person appears to endorse a product or service when in fact their name and image are being used fraudulently. The use of Lewis’s image in particular is common and scams using his name date back at least five years.
Lewis is a trusted figure and has built a reputation for finding the best deals across a wide range of services and products, and offering cost-saving tips. His apparent endorsement is seen as a mark of trust.
This particular scam consists of fabricated ‘news’ articles which lead to malicious websites where scammers attempt to get people to enter their personal details to access, in this case, a fake investment programme.
These scams are widespread.
- In just four months in 2020 the National Cyber Security Centre removed over 300,000 URLs linking to investment scams with fake celebrity endorsements.
- According to UK researchers, online subscription scams, many using bogus celebrity endorsements, are costing victims tens of millions of pounds a year. In the UK there are estimated to be approximately 300,000 victims each year. The average loss for each individual is £250, putting total losses close to £75 million a year.
- In the US, reports to the Federal Trade Commission show that social media is increasingly where scammers operate their scams. More than one in four people who reported losing money to fraud in 2021 said it started on social media with an ad, a post, or a message.
Not even the savviest Internet user is completely immune to sophisticated social media fraud. As such it helps to be aware of the most common circulating social media scams.
In these social media scams, hackers leverage the credibility of a noteworthy name to get victims to click on a malicious link out of curiosity. Since celebrity photos and information are readily available across the web, it's fairly easy for a criminal to create a fake Facebook profile. Scammers also pretend to be a real company on social media in an attempt to harvest your private account details.
If you have a Facebook account, there’s a good chance you have encountered profile hijacking, Facebook friend request scams, and fake Facebook profiles. A profile hijack is a type of identity theft where the criminal poses as a friend or family member on social media to earn your trust and eventually trick you into sending money or clicking on a malicious link. This can happen on any social media site, but it commonly happens on Facebook. There are two main types of profile hijacking: either a criminal creates a fake Facebook account impersonating someone you know, or they hack into a person’s real account, change the password and use that person’s network to scam unsuspecting friends and family.
It's estimated that nearly 1 in 5 relationships now begin online. However, criminals are also using online dating as an opportunity to con victims into giving away money. These types of scams are often referred to as catfishing. These catfishing scams are similar to Facebook friend request scams, but they typically carry on over a period of time and involve more deception and manipulation.
Clickbait headlines and messages feed on a person's curiosity through misleading or sensationalized text. Some clickbait is harmless and may be an attempt to increase web traffic. However, other clickbait can lead to hidden dangers like malware or viruses that put your private data in jeopardy.
We've all seen personality or IQ quizzes on Facebook, or quizzes such as "Which Harry Potter house would you belong to?" These quizzes aren't about testing your personality; they are disguised clickbait and phishing methods. Take one quiz and you could unknowingly be giving up personal details.
Simple steps to self-protection
- Keep your social profile information private. Make use of your privacy settings to avoid being hijacked, use a strong password and don’t share your password with anyone.
- Never share account information on social media. Legitimate companies will never contact you on social media and ask for your account information.
- Be suspicious of anyone who asks you for financial assistance, no matter how dire they say their circumstances are.
- Don't click on unrecognizable links. Before clicking on a shortened URL on social media, use a link-lengthening service like urlex.org to verify the source.
- And last, but certainly not least, make sure you’re using proven antimalware protection. Many of these scams are designed to quietly insert malware into your devices to steal sensitive personal details.