You have probably seen those Facebook marketing campaigns where you’re told to “comment and share to win a free gift card.” They’re fun, and usually harmless… unless you win. Hackers can very easily impersonate the winner’s account to get the item. This happened with one of our Facebook giveaways just after the holidays had ended.
We announced the name of the winner on our social media page, and within minutes, someone had created a fake profile of that person to message our Facebook page’s administrator. The hacker had created the profile with public-facing information (profile photos, hometown, some basic friends), but they BLOCKED the person they were impersonating so she wouldn’t see it. This could also have allowed the hacker to try to reach friends of their target and get personal information, such as answers to security questions (for bank websites).
The hacker then received the gift card number from our social media team and added it to his dummy Amazon account. When the hacker attempted to make purchases with it, however, Amazon saw a pattern of malicious behavior. Using browser cookies and the IP addresses used to log in, Amazon can ban all accounts associated with the one that used our stolen gift card.
The affected user was very upset that their identity was stolen, but still received a new gift card 😊