How you can spot fake coupons on Facebook -- and why it matters.

How you can spot fake coupons on Facebook -- and why it matters.
R

Facebook seems to be awash in fake coupons and giveaways recently, and that's troubling news for the consumers who get caught up in these scams.

With holiday shopping in full swing, scammers are out in force, tricking shoppers into sharing fake coupons on social media. Here's why you need to worry about it.

Sharing or liking a fake coupon is a really bad idea.

I've seen people share coupons and giveaways they acknowledge are probably fake, but they share it anyway because they think that if it's not real, then there's no harm done.

What they don't realize is that not only have they just shared some of their account info with a spammer, they've exposed their friends and family on Facebook to the same risk. It's real and insidious enough that at least one police department has posted official warnings pleading with their constituency to stop sharing fake coupons.

There are generally three ways that spammers use fake coupons and discounts to scam consumers:

Installing malware on your computer.
CNET points out that a coupon image on Facebook isn't the printable coupon itself - it's just an image that someone uploaded. When you click the link to get the coupon, you're whisked off to a bogus website you've never heard of and the next thing you know (or don't know, at least not right away) that site is installing something nefarious on your laptop. The most common malware is the kind that steals sensitive info like bank logins. Less common is malware referred to as "ransomware" which locks down your computer and demands an online payment to regain full access.

The survey to nowhere.
You click on the image of a coupon on Facebook, and it takes you not to the retailer's website, but to a nondescript, badly designed survey - again, on a site you've never heard of. If you didn't just immediately say "NOPE" and hit the back button, then you'll complete survey after survey. You'll never actually get to the point where you get a coupon or gift card, of course, but the spammers, who get paid for every completed survey, just made a small fortune off you, and maybe phished enough information out of you to retrieve some passwords or gain access to some of your accounts, too.

lowes

This Lowe's coupon that's been making its way around Facebook is about as fake as they come.

"Like" farming. 
Did you know there's an entire black market devoted to buying and selling Facebook Likes? A scammer will start a new Facebook page and fill it with kittens and puppies, prayer requests, and, of course, fake coupons and giveaways, asking you to like or share. The idea is to rack up as many Likes as possible. Once the page hits a target number, the scammer can do one of a few things:

  • Convert the page to advertise something you never intended to like.
  • Sell the page to a third party. A few years ago, Yahoo! News pointed out a Facebook page about cuddling with more than 1 million fans was listed for sale on a black market forum for $7,000.
  • Keep posting clickbait in the hopes you'll click through to their surveys or malware.
  • Buy advertising that shows up in your timeline.

Now, it's fair to say that some of the above - like paying for Facebook ads and convincing fans to click through to your website - are generally honest, legitimate marketing practices. For example, if you're a fan of Brad's Deals on Facebook, you probably see our posts and ads in your timeline from time to time, and we'll also post links to deals we like and articles we've published. That's a totally normal, above-board use of Facebook Pages and Facebook Ads. It becomes spam when those tools are used under false pretenses by scammers who are hiding who they really are and what they're really up to. Consumer Affairs has a really fantastic, in-depth article about "Like" farming if you want more info about it.

And all of that leads us to one place:

The only safe coupon is a verified coupon.

If there's just one thing that you take away from this article, it should be that you must always, always ask this one question about any coupon that sounds too good to be true:

Was it posted by the retailer's verified account?

If Target posts a coupon to their official Facebook page, then it's the real deal. Most often, major retailers will have verified accounts, denoted by a blue checkmark next to their name, like this:

Target-verified-account

If it was originally posted by a third party, however, it's good to be suspicious.

It's also worth noting that not every business's official Facebook page will be verified. If there's no blue checkmark but you still think the page may be official, you can always go to the company's website and look for their Facebook information there. Whatever they're linking to is official - and therefore safe.


Fake Spotting Example #1: 50% off at Target

This fake coupon from Target made the rounds on Facebook a few weeks ago:

fake-target-coupon

The link led to this very fake coupon:

fake-target-coupon-2

The coupon looked real enough when it didn't have "THIS IS A FAKE" scrawled across it. Easy access to graphics software like PhotoShop make the creation of real-looking fakes easy to do. But when we take a closer look there are plenty of clues to tip us off that this was not an authentic Target coupon:

It wasn't posted by Target.
Maybe at first glance that "target.com-holidays.xyz" URL on the post looks legit. It says "target.com" right? Well, no, it doesn't, but that URL was engineered to trick you into think that it does. That weird ".xyz" URL doesn't exactly take you to Target's website. You probably didn't even know that .xyz was a proper URL, right?

Now, this is some kind of techie stuff. ICANN is a nonprofit that coordinates the way the Internet is organized. Think of them like the civic planners of the Internet, and the gTLD (a/k/a TLD) is kind of like zoning. ICANN recently changed the rules a bit, opening the door to a whole bunch of new, non-standard TLDs - the last little bit of a URL, like .com, .org, or .net. You may have already started seeing strange URLs like .movie, .band, .coupons, and so on and wondered what was up.

Scammers are snapping up URLs on these new TLDs that they know most of the online world still doesn't even really know about because it's easier to trick people with them. But if you're aware of them, it makes more sense that a legitimate business the size of Target isn't likely to be doing any business on anything the broader public isn't yet fully aware of. ICANN made .xyz available back in June 2014, and to our knowledge Target has no official presence there.

We really can't stress enough how important it is to pay attention to the source URL before you click or share. Let's take a second look at that post, and what it would look like if it's real:

good-url-bad-url

See the difference? In our example above, that entire string is the link you'll be clicking through to. The good URL shows what it should look like if it's authentic - no extra junk included.

(Note that we photoshopped the bad coupon for demo purposes here. It still isn't actually a valid coupon, sorry.)

The discount is too good to be true.
Consider that just a few days ago we were totally psyched to see a 15% discount from Target for Cyber Monday. It was a really, really big deal to see 15% here. It was so big that Target did an entire press release about it after the fact. So when we see 50% off, we know straight off that something isn't right, and since many of our fans are regular Target shoppers, we're pretty sure that in their heart of hearts, they know that too.

It doesn't list any exclusions.
That official 15% had a ton of exclusions that are pretty standard, like gift cards, certain super popular brand name electronics and kitchen goods, and even LEGO toys. That fake 50% off coupon doesn't list any exclusions at all. None. That's a huge red flag.


Fake Spotting Example #2: Walt Disney World Giveaways

Over the last year or so we've also seen a sharp uptick in the number of fake Disney World giveaways. It's not a coupon, exactly, but it's the same kind of scam and worth walking through as an example since it provides so much to look at.

disney-scam

Punctuation or extra words in the name.
We've spotted multiple fake Walt Disney World giveaways in the last couple years, and the biggest telltale sign, besides the lack of that blue checkmark, is that the pages have a little something extra in the name that the spammers are hoping you'll overlook. We've also seen examples like "Walmart Customer Service" or "Kohl's Coupons" that are not official pages run by Walmart or Kohl's.

Low quality photography that doesn't fit with Disney's ultra-strict branding standards.
Think about it - everything that Walt Disney Co. publishes is of the highest, most pristine quality. They're notoriously picky about this stuff. A low-quality cell phone pic of a bunch of nondescript cardboard boxes is never going to make it into anything official. Ever. I mean, ever. I can't emphasize this enough. If for some reason you don't believe me, compare the fake giveaway to Walt Disney World's official Facebook page. The difference in the photography, the tone, everything, couldn't be more stark.

The language just sounds wrong for the brand.
Disney is an iconic brand. With so many fans hanging on their every word, they have no need to use gimmicks like "Attention!" Read a little further and the grammar is a bit off. You don't say "all paid Disney World vacation," for example, you say "all expenses paid."

There's no fine print.
Where are the terms and conditions? There aren't any. Because it's not real.

The contest is too unsophisticated.
Likes, shares and comments are an incredibly low-tech contest solution for a cash-flush, tech-savvy industry leader like Disney - not to mention that requiring them for a contest or giveaway is against Facebook's contest policy. To put it another way, a brand cannot offer an incentive as a way to bribe you to interact with one of their posts.


Some other red flags to look for when you suspect a coupon or contest might be fake:

The Facebook page has only been online for a few days.
Target, Kohl's and Walt Disney World didn't only just create their Facebook pages last week.

You have jump through some hoops to access the discount.
Any legitimate coupon will never ask you to like, share, comment, or take a survey in order to access the promised discount. Sometimes surveys ask for information that could be used later by a crook to access your accounts.

You're prompted to download or update software to access the coupon.
One trick that scammers use to get malware onto your computer is asking you to download a video player, update your flash player, or similar. Except that what you end up downloading isn't actually a video player, or there's a data mining virus bundled in the download.

Let's put it another way:
No legitimate coupon will ever ask you for something in return. 


What to do when you spot a fake coupon.

Do not like or share it.
Whatever the spammer is after, attaching your account information to it is not to your benefit.

Never share a coupon you have suspicions about "just in case it's real."
If a coupon isn't real, then you're not just giving your private information to a spammer, you're exposing all of your friends to that same risk. These scammers are doing bad things you can't necessarily see, everything from malware to social engineering. If Target really is offering a 50% off coupon, it's totally going to be worth the extra minute or two it takes to authenticate it.

Check official, verified coupons at Brad's Deals.
If we haven't posted that eye-popping 50% off coupon, it's not because it's some tightly held secret that only your aunt on Facebook knows about. And it's definitely not because we don't want you to know about it. Believe me, if we do ever see a legit 50% off coupon from Target or Kohl's, we'll be shouting it from the rooftops. We'll make sure you know about it.

If you can't take our word for it, ask the retailer on their own Facebook page.
Trust us, the last thing that any retailer wants is for you to find a fake coupon and be disappointed and embarrassed in the checkout line. It just makes everyone look bad. So they're happy to give you the scoop if you ask. In fact, scan their "Posts to Page" section before you ask and you'll probably find at least a few others who have already have, along with the retailer's reply.

Or check Snopes.com.
If something needs to be debunked fast, the mythbusters over at Snopes will be looking into it and rendering a verdict pretty quickly.


Other things you can do to protect yourself.

Clean out your Liked Pages from time to time.
If there's something in there you don't recognize or no longer care about, unlike it immediately.

Be suspicious of everything.
It's far too easy to mindlessly hit a Share button without considering the source. There's a ton of bad info out there. Use resources like Snopes heavily. And if you're curious about a coupon, ask us!

Share this article with your friends.
If you see one of your Facebook contacts falling for a fake coupon scam, share our article with them. The more that we educate ourselves as savvy social media users, the better protected everyone will be.