Advertisement

‘Tis The Season For Social Media Scams

Attention shoppers: be wary of the ads, giveaways and deals you click throughout on your favorite social media site this holiday season. Whether through impersonation or hashtag hijacking, scammers are pulling out all the stops to fool consumers into unwittingly exposing their personal data.

There are four major types of social media scams to watch out for this holiday season, according to ZeroFOX Research:

  • Fake merchandise;

  • Fake gift card generators;

    Advertisement

  • Fake coupons; and

  • Fake giveaways and contests.

     

ZeroFOX analyzed social media during the weeks surrounding Black Friday and Cyber Monday to identify scams targeting consumers on Pinterest, Twitter, Facebook and Instagram. The social media security firm leveraged advanced machine learning analytics to find that scammers used a number of different tactics to dupe users and proliferate the attack, mainly impersonation and hashtag hijacking.

Impersonation accounts are created to look just like a real brand account, using very similarly spelled names and replacing characters with dashes, spaces and/or homoglyph characters.

Hashtag hijacking is the process of hijacking trending hashtags and brand hashtags to ensure the scam is seen by the right population, and by as broad a population as possible.

The malicious payloads of these kinds of attacks can vary, but they ultimately fall into four categories:

  • Scams: attempts to dupe users into paying money for fraudulent goods or services;

  • Phishing: attempts to harvest credentials — passwords, user names, credit card info — by creating malicious landing pages;

  • Malicious mobile apps: attempts to trick the user into downloading a mobile app that would infect their device and either steal their data or hold the data ransom (ransomware);

  • Malware: attempts to download malicious code to the user’s device that might lead to a host of different issues, such as ransomware, key logging and data harvesting.

ZeroFOX had numerous recommendations for shoppers seeking protection from these scams, including:

  • Beware of coupons and promotions distributed through sites other than the official retailer;

  • If the site doesn’t have an SSL/TLS web site certificate and is not encrypting your information, it’s probably not safe to trust that site. For details, simply click on the green lock next to the site hyperlink to confirm that your information is encrypted and the web site is valid;

  • Avoid downloading apps or files within the link;

  • Ensure two-factor authentication is enabled on your social media accounts when available; and

  • Use web validation sites to perform a “whose lookup” on the domain.

Featured Event

Join the Retail Trendcaster Webinar Series to uncover key 2025 retail trends, from AI and personalization to social commerce. Gain expert insights, data-driven predictions, and actionable takeaways to stay ahead in a rapidly evolving market.

Advertisement

Advertisement

Retail Trendcaster Webinar Series
Days
Hours
Minutes
Seconds

Uncovering What’s Next in Retail

March 17-19, 2025  |  Free On-Demand Digital Event

Q1 is a pivotal time for retail, with experts analyzing holiday sales and forecasting trends. Join Retail TouchPoints’ Retail Trendcaster webinar series for insights on consumer spending, AI, personalization, social commerce, and more—helping you focus on what truly matters in 2025.

Brought to you by
Retail TouchPoints
Register Now
Retail TouchPoints is a brand of Emerald X LLC. By clicking the button and submitting information, you acknowledge and agree that your information may be shared with corporate affiliates of Emerald X LLC, and other organizations such as event hosts, speakers, sponsors, and partners. Please read our Privacy Policy and our Terms Of Use for more information on our policies.

Access The Media Kit

Interests:

Access Our Editorial Calendar




If you are downloading this on behalf of a client, please provide the company name and website information below: