There’s no such thing as a free iPhone — but there’s always someone willing to convince you otherwise. With the iPhone 8 already in stores and the iPhone X arriving in three weeks, scammers have sprung into action, using the promise of a free phone to trick people into giving up their information or worse, often using some of the web’s biggest platforms as a launching pad for the scam.
A quick Facebook search turns up dozens of Facebook groups devoted to free iPhone scams, typically offering to send along the phone after a particular task had been completed. One offered to send a phone in a drawing among users who subscribed to an Indian viral content site and invited 50 friends; another referred users to Xpango, a referral site that has been described as a pyramid scheme.
There are many, many more. A report published today by ZeroFox found 532 such pages across Facebook, Instagram, YouTube, and Google+. The simplest attacks were asking for likes or follows that could be sold or used to push more aggressive schemes, a practice the researchers call “fame farming.” Seventy-four of the pages offered outright malware links, but most were more subtle. The majority of the pages ZeroFox found asked users to fill out forms in exchange for their free iPhone, harvesting information that could later be used for social engineering or identity theft.
According to ZeroFox researcher Phil Tully, the scams weren’t hard to find. “Any time someone is offering an iPhone for free, it’s going to raise a red flag,” Tully says. “The chance that that that is going to be a legitimate deal is pretty low.”
ZeroFox’s report focused on social platforms, but the same scams are an issue in search. The “free iphone” search (which averages about 10 hits a day, per Google Trends) is full of paid links to legit services, and either full-price iPhones or no-money-down contract deals from carriers. But beyond the paid ads, the first page of search results was dominated by dubious surveys and “product testing” offers — exactly the sites you’d expect to be optimizing for a “free iPhone” search.
Reached by The Verge, Facebook said it uses a combination of automated systems to scan for fraud, and that users should report any scams they come across. A Facebook bulletin published earlier this week warned users to be suspicious of romance and loan scammers, and told users to be suspicious of anyone asking for money or attempting to move a conversation off Facebook.
When Tully reports scam posts, he says they’re usually taken down within the day, but that doesn’t do much to keep crime off the platform overall. “I think [platforms] are pushing a lot of resources into the problem,” Tully says, “but you’re limited by the creativity of the scammers. Just taking down one of their posts won’t stop them. They’ll adopt really creative methods to find a way around that filter.”