Winning a contest is a rush. If it’s ever happened to you, then you know. We know this and businesses know this. And cyber-criminals also know this. Join me as we journey through the steps of an online scam, an attempted hack that was foiled (hopefully before any unsuspecting “winners” entered their credit card information).
Last month: February 26, 2021 marked National Chili Day. As is par-for-the-course on “National Days”, businesses and organizations having an affiliation with the celebrated day often post promotions and sweepstakes on social media channels offering people the chance to win company branded apparel, merchandise and/or gift cards. National Chili Day was no exception and Skyline Chili, the Cincinnati-style chili restaurant chain, posted opportunities on Twitter, Facebook and Instagram enticing lucky fans to win “Swag Sets” (containing a hat, shirt and $50 gift card).
As you can see from the above screen capture, to enter the contest an account must be following @Skyline_Chili, they must tag a friend and also include the hashtag #SkylineSweepstakes.
For any avid contest-seekers, be aware: In some recent instances, I have found cybercriminals targeting niche hashtags, like those that containing the words ‘Winner’, ‘Sweepstakes’ or ‘Giveaway’. Consider this your first warning and a bold one: We must be informed when entering “free” contests.
In this Skyline Chili case, Facebook users who responded to the Skyline Sweepstakes post and posted the #SkylineSweepstakes hashtag were immediately greeted with a Friend Request that appeared to be coming directly from Skyline Chili.
It appeared legitimate, but if you had on your detective hat, would the “manager’s signature” seem fishy (or should I say “phishy”) to you?