Last week, we reported about these alarming cryptocurrency scams spreading via Twitter. These weren't your garden-variety spam posts either, but rather, fraudsters were hacking into the verified accounts of celebrities and brands in an attempt to lure unsuspecting victims.
But it looks like these crypto-scammers are moving on and are now targeting other social media platforms, as well. This time, they're gaming Facebook's official sponsored ad system to fool eager people who are looking to make a quick profit.
Read on and see what this new scheme is all about. Cybercriminals are relentlessly coming up with new tactics all the time, and it's always good to be aware of their latest schemes.
Another social media scam is spreading
This new ploy is a classic phishing scam that's meant to steal your personal information like your name, email and credit card numbers.
And similar to other elaborate phishing scams, these cybercriminals created a bunch of fake websites, news articles and ads for that purpose.
Watch out for this Facebook ad
The whole ploy starts with a fake Facebook sponsored ad promoting an easy "wealth building" scheme. Accompanying the post is an embedded report that appears to originate from the news site CNBC.
If you take the bait and click through the ad, the ruse gets more obvious. First, the link's web address doesn't belong to any CNBC domain.
However, the fraudsters mimicked the look and feel of the real CNBC site so there's a chance an unsuspecting eye might get duped. But yes sir, the entire news article is completely fraudulent, the fakest of fake news.
Basically, it states that Singapore has officially adopted a certain cryptocurrency and has anointed a firm, dubbed the CashlessPay Group, to market and purchase it. Nevermind that CashlessPay sounds just like another third-rate pyramid scheme, but let's go along for the ride, shall we?
Wait, is that Sir Richard Branson?
Typical with fake ads and scams, the article has a dubious celebrity endorsement, in this case, from Sir Richard Branson, amping up the suspense surrounding Singapore's alleged mystery coin.
"When the name Singapore's coin is released many people will become millionaires practically overnight," the not-Sir-Richard-Branson was quoted to say. Wow, who can resist?
Where does the rabbit hole go?
Embedded within the article are mentions and links to the website of the enigmatic CashlessPay Group. The website, of course, is completely a phishing site and the scammers didn't even do a great job disguising the fact.
Why? According to The Next Web, all the links are broken except for one crucial page - the registration form. This page is where all the get-rich-quick hopefuls are funneled into surrendering their names, phone numbers, and email addresses.
Wait, there's more. Once the victims have entered their personal information and clicked "Get Started Now," they're whizzed out to yet another fake page, this time to a selection of scammy cryptocurrency exchanges.
The Next Web mentioned that at least two fake crypto exchanges are involved, Roiteks and CoinPro Exchange, both registered to be from Bulgaria. But it doesn't matter which fake exchange webpage you land in, they're all set up with "payment portals" designed to grab your personal info and credit card data.
Apparently, these portals were programmed to "decline" transactions all the time. It doesn't matter, of course, the crooks already have the info they need.
Feel bad that your credit card didn't appear to go through? Well, the fraudsters are double-dipping by letting you try a direct deposit instead!
How are these scams slipping through Facebook?
You probably know by now that there are tons of bogus information going on in Facebook at any given time. The social media giant is trying to clean up its act, though.
If you can recall, Facebook banned blockchain and cryptocurrency ads earlier this year but softened its stance by allowing pre-approved cryptocurrency advertisers to post sponsored ads. (Can't resist the revenue, eh?)
But as always, scammers have found a way to exploit this loophole to spread their scams.
How to protect yourself from this nasty scam
Use trusted cryptocurrency exchanges - With the cryptocurrency boom that happened earlier this year, fly-by-night cryptocurrency exchanges have sprouted up everywhere. Most of these are scams so if you're looking to trade cryptos, be careful! Unless you know what you're doing, stick with the well-known and trusted names like Coinbase, Kraken, Bittrex, etc.
Always scrutinize social media posts - Don't readily fall for any promos, giveaways, too-good-to-be true-ads and posts on social media. Share this warning with your friends to let them know about this scam.
Watch out for phishing sites - This scam pretended to be an official report from a major news outlet and copied the look and feel of the real site. This is a common tactic with fake ads and news so you have the check the web address or URL of any promoted links you come across in social media.
Think that website is safe because of the padlock symbol? Think again
The internet can be a scary place for anyone. We constantly have to be careful and tiptoe around just to make sure we don't get our data stolen or have our financial accounts breached. But if you thought that you were relatively safe if you used a website that had the small padlock icon next to the URL. Well, it turns out you were wrong.