This type of scam appears to have emerged during COVID-19 when live stream events have become more popular due to social distancing restrictions.
Overseas, live stream music events that replace concerts have been hijacked by scammers.
WA ScamNet investigation
Recently scammers targeted the Western Australian Consumer Protection Awards Facebook Live event, as well as other Facebook Live events being run by universities in Australia.
Due to COVID-19, the Consumer Protection Awards March 2020 in-person event was postponed and then cancelled, leading to a virtual Awards ceremony for the first time.
Shortly before the Awards were due to start, Consumer Protection became aware of several Facebook profiles attempting to divert viewers to a different page, by posting links to what they claimed to be the ‘Consumer Protection Awards 2020 Live Stream’. This happened in the comments section beneath the event’s banner image.
The links led to a fake website that was branded with the Consumer Protection Awards images and a media player. Clicking the play button led potential victims to a website claiming login was required and to click a button to create an account.
The ultimate aim was to divert them to a ‘music and video’ subscription page that required credit card details.
Fortunately, Consumer Protection had a team of moderators working on the event who were able to delete the comments and ban the profiles. To our knowledge, nobody has handed over personal information or lost any money in this phishing attempt.
WA ScamNet found that the same scammers were targeting another Facebook Live event in Perth hosted by a higher-education facility occurring at the same time as the virtual Consumer Protection Awards. And the scammers then went on to target an event being held by a university over east and an Aboriginal fashion festival in the NT.
WA ScamNet at Consumer Protection had not been aware of scammers targeting Live events on social media in this way previously.
Scam prevention tips:
- If you are hosting a Facebook Live event, watch out for dubious-looking profiles that appear to be outside of Australia but RSVP or like event posts. Check the comments section of your event image/banner before and during the event for any posts with links to phishing websites, and if any appear delete them as quickly as possible (try to get a screen shot first). You should also report the offending profiles to Facebook and then block them.
- Facebook users should always ensure a message containing a link to an event is from the genuine organisation hosting it. For example Consumer Protection WA only posts as ‘Consumer Protection WA’ and not under any individual person names. But accounts posting bogus event links included a profile with the name Arifa Jannat and another profile with a name in Arabic.
- Know that Consumer Protection does not charge a fee for people to attend an event – our services are free.
- Check the tick before you click – some pages and profiles on Facebook are verified and will have either a blue or grey badge/tick.
- Be suspicious if an event you are trying to watch is requesting login information that you wouldn’t expect was required.
- If you click on a link and give out personal or banking information call your bank as soon as possible and arrange for an alert to be placed on your account to avoid unauthorised payments coming out. Also contact ID Care to discuss identification security.
- If you become aware of a live stream event phishing scam, as a Facebook user or event organiser, try to get screenshots and report the incident to WA ScamNet.