A new report by social media watchdog ZeroFox shows scammers are using the popularity of the new generation of iPhones from Apple as a means of luring people into giving up their personal information and more, with social media sites being their preferred attack vector.
There are currently hundreds of such pages across sites like Facebook, Instagram, Google Plus, and YouTube, which promise users a free iPhone in exchange for the completion of a trivial task. In some cases, these pages contain links to malware, though these are in the minority with only 74 of the 532 pages found by the company falling into that category. Most of the scams tend to concentrate on asking the user to fill out forms giving up their personal information in exchange for a chance at winning the free device, allowing the attackers to use the information at a later date for schemes such as identity theft or social engineering.
The scams were also not hard to find, with the method of operation requiring easy discoverability in order to reach the largest number of people. A simple search on Facebook will reveal heaps of such pages and according to ZeroFox researcher Phil Tully, "Any time someone is offering an iPhone for free, it’s going to raise a red flag. The chance that that that is going to be a legitimate deal is pretty low."
While social media platforms, in particular, are plagued by the problem, search engines are also victim to this type of crime, with many of the search results for a free iPhone directing users to sketchy sites.
Tully reckons that while social media platforms are devoting a significant amount of resources into tackling the problem of crime on their sites, it is unlikely to go away anytime soon. The success of such measures will ultimately be limited by the creativity of the scammers to come up with new ways of circumventing these platforms" automated defenses.