Scam Promotions on Facebook

Web adverts promoting questionable offers and schemes are old hat. Facebook is no exception but, unlike wholly dubious hosts or otherwise reliable sites that depend on advert distribution engines, Facebook is theoretically in control of what appears on members’ feeds. In addition, these sponsored posts are seamlessly integrated into the general feed, so the casual scroller might not immediately realise that they are not from a group or individual that they follow. Some are the result of simple spamming of legitimate groups and can be controlled by the relevant admins. More worrying are sponsored posts that Facebook generates revenue from without filtering the scams out from other, relatively harmless advertising. Showing interest by hovering over such scams (even in disbelief) will prompt Facebook to show further related and possibly harmful sponsored posts.

Kindus will look at a genuine series of posts from close to Christmas 2024. This post advertises allegedly free electric bikes, an item that should cost around £2,000. The catch is that a user needs to navigate to an independent website. There are 3 questions to test that a user is in the UK. This could be genuine, to ensure that only UK details are collected, or simply a means to reassure the target. It is no surprise that the test questions are passed. The mark is then asked for bank and address details to pay a £3 delivery charge for their electric bike. It is at this point that any user should bail. Why would someone give away a large volume of high value prizes yet still want to collect a negligible £3? The most likely answer is that the site engine will collect address and financial information that can then be sold on to other criminals.

This ruse had been well put together, as many of the expected flags of bad practice were missing. They might have done better by not being greedy in asking for bank details and being satisfied with dropping off malware from the promotion site and collecting limited personal details, such as an email.

The sponsored post has a prominent image.  Putting this into a reverse image search revealed no matches (at least at the time the scam was running).  The post also had a number of comments.  In many other scam posts the top comments are full of scam warnings or queries about authenticity.  Here the top posts linked to reassurance from a (bogus) Lidl employee and additional images with comments about how participants had received their bike in 3 days.  The linked promotion website also included comments from ‘satisfied customers’ who had already received an electric bike.

A major issue: if ‘Lidl Sports’ is the promoter, why is the linked site not a Lidl domain? A ‘whois’ lookup of that site reveals that the owner is based in Iceland:

Organisation: Withheld for Privacy

Street: Kalkofnsvegur

City: Reykjavik

Looking at other pages on the same domain, there is a simple but relatively harmless guide to electronic devices. It is the sort of site that a student might create as a skill showcase, but not an effort that would attract the interest or income to be worth paying for hosting. In addition, any link to the business of electric bikes or any other sort of promotion is hard to fathom.

A very similar Lidl Facebook promotion appeared a few days later. This linked to exactly the same external site, although the time remaining counter had a worryingly similar value.

Instances of companies getting rid of stock do happen, especially with electronics, as it quickly becomes obsolescent or can be prone to frequent failures. In such cases the company tends to make the effort to publicise the promotion to make the best of any losses. In the case of the Lidl bikes there was nothing on the official Lidl media nor any flurry of activity on forums, tweets and such reacting to the promotion. Lidl itself had been the target of similar schemes, including in 2024 a cheap electric scooter. In April 2024 they submitted a request to Meta and Instagram to remove pages using Lidl’s name and logo for fake promotions. Clearly this has not had the desired effect, although it should be relatively easy for social media bots to identify content that uses a brand name, does not come from the owner of that brand and promotes highly discounted or free items.
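The three checks named above (brand name used, advertiser is not the brand owner, free or heavily discounted item) plus the off-brand link noted earlier can be sketched as follows. This is an added example, not Facebook's or Kindus's code: the `brand_verified` field, the domain allow-list and the sample posts are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains the brand owner controls (illustrative allow-list).
BRAND_DOMAINS = {"lidl": {"lidl.co.uk", "lidl.com"}}
FREE_WORDS = re.compile(r"\b(free|giveaway)\b", re.I)
PRICE = re.compile(r"£\s?(\d[\d,]*(?:\.\d\d)?)")

def on_brand_domain(url, brand):
    """True only if the link host is a brand domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS[brand])

def review_ad(ad, typical_price=None):
    """Return the red flags raised by one sponsored post (a dict)."""
    flags = []
    text = f"{ad['advertiser']} {ad['text']}"
    for brand in BRAND_DOMAINS:
        if not re.search(rf"\b{re.escape(brand)}\b", text, re.I):
            continue
        # 'brand_verified' is a hypothetical platform-side ownership flag.
        if not ad.get("brand_verified", False):
            flags.append(f"uses the {brand} name but is not the brand owner")
        if not on_brand_domain(ad["link"], brand):
            flags.append(f"link leaves the {brand} domains")
        prices = [float(p.replace(",", "")) for p in PRICE.findall(ad["text"])]
        cheap = typical_price and any(p < 0.2 * typical_price for p in prices)
        if FREE_WORDS.search(ad["text"]) or cheap:
            flags.append("free or heavily discounted item")
    return flags

# Constructed sample posts; the .example hosts are placeholders.
SCAM = {"advertiser": "Lidl Sports", "brand_verified": False,
        "text": "Free electric bikes! Just pay £3 delivery",
        "link": "https://gadget-guide.example/bike"}
LOOKALIKE = {"advertiser": "Lidl Sports", "brand_verified": False,
             "text": "Electric bike clearance, now £150",
             "link": "https://lidl.co.uk.bike-offer.example/claim"}
GENUINE = {"advertiser": "Lidl GB", "brand_verified": True,
           "text": "Electric bike £1,799 in store this week",
           "link": "https://www.lidl.co.uk/offers"}

if __name__ == "__main__":
    for ad in (SCAM, LOOKALIKE, GENUINE):
        print(ad["link"], review_ad(ad, typical_price=2000))
```

The suffix match in `on_brand_domain` is what rejects the lookalike host, which only starts with the brand domain rather than ending in it.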

The Lidl bike scam is clearly too good to be true, and asking for financial details up front is a major red flag. Many other scams are more subtle: lower discounts and links to believable or bogus shop fronts. Reporting the post to Facebook should help, although this process is clearly not working as it should. Adding comments (if possible) will inform other users, but by adding the comment the writer is telling Facebook that they would like to see more similar posts. The best approach is to scroll swiftly on down the page.
