There’s no such thing as a free lunch, security experts warn

Oct 12, 2017 06:33 GMT

It’s not necessarily a big surprise that cybercriminals are trying to use the new iPhone frenzy to boost their revenues, but social media security firm ZeroFox warns that scams promising free Apple devices to users are growing at an alarming rate following the launch of new iPhones.

ZeroFox revealed in a study that going after users on social media has become the preferred method for scammers, who are trying to convince those on Facebook, Instagram, Google Plus, and YouTube to load certain websites for a chance to get a “FREE iPhone.”

Enable 2FA for social accounts

Out of 532 analyzed websites that promise such goodies, no fewer than 74 were found to spread malware, while the rest pointed users to forms asking for personal information or other types of data. Simply filling in these forms generates revenue for scammers, but in some cases, they could also use the information for identity theft, social engineering, or other more complex attacks.

“Social media is abused by scammers to spread these attacks to the broadest possible audience, all while tailoring their group of targets using hashtags or abusing the publicly available follower list of popular brands, celebrities and other accounts. Scammers can rapidly segment their victim population, customize the attack, build fake accounts and launch their scam campaign at scale,” the experts warn.

Staying away from these scams is not at all difficult: there’s no such thing as a free lunch, so if someone online promises a free iPhone, there’s a good chance it’s a scam. To make sure such a campaign is legitimate, it’s enough to check the URLs, the brand behind the campaign, and the website certificates that are being used, as scams are most often hosted on pages without SSL/TLS.

Securing social media with two-factor authentication is also a good way to make sure that your credentials won’t be stolen by cybercriminals, the experts warn, while double-checking mobile apps that these pages promote is a must-do given the fast growth of mobile malware.