The iPhone X isn't available until Nov. 3, but thieves are already spamming social networks with schemes trying to trick you into giving away personal information. These scams are designed to look like free iPhone X giveaway offers.
ZeroFOX, a social media security company, said it found 532 fake social accounts, including on Facebook, Instagram and YouTube, dressed up as bait for Apple fans who can't wait to get their hands on the iPhone X. Interest for the already available iPhone 8 is also high, with nearly three times as many scam posts for the lower-tier model, the company found in its research.
A spike in iPhone-related scams has become an annual tradition. ZeroFOX said these scams pop up on social media every September, when Apple announces a new device. They also springs up around the holiday season, and ZeroFOX saw a spike when Super Mario Run was released. This year, scammers had even more opportunity with three new phones from Apple, the iPhone 8, iPhone 8 Plus and the iPhone X.
Some fake pages include "iPhone8 Official" on Facebook, and @official.iphone8.giveaway on Instagram, which has since been removed. Fake comments have also been spammed across YouTube comments, promising a free iPhone 8 if you follow through to the malicious link.
Instagram didn't immediately respond to requests for comment. A Facebook spokesman pointed to a recent blog post by Bill Slattery, the social network's eCrime manager, that explains how people can spot and report scams on Facebook.
YouTube said its community guidelines include policies against deceptive practices and scams. "We carefully review and remove videos flagged to us that violate our policies and we terminate accounts dedicated to using these practices," said a representative for the company.
Researchers split the scams they found into a handful of categories: fame-farming, phishing links, fake donations and personal information collection. Fame-farming is when social media scammers create a page to amass followers, which criminals can use later to launch attacks or sell to others, ZeroFOX said.
The phishing links send people to a website that looks real and asks them to log in. Instead, it's stealing their password or trying to trick them into downloading malware by saying they need to update their system.
Fake posts stealing personal information made up more than half of the spam flooding social media, said Phil Tully, ZeroFOX's principal data scientist. These are posts disguised as "contests" where victims put in their name, email, address and city to "win" a free iPhone. Instead, the data ends up in the hands of thieves who can use it later to steal accounts. Tully said his team had found 282 accounts spread evenly across Facebook and Instagram doing this.
"Creating several accounts to promote the same link increases the surface area and total exposure of the attack," Tully said.
The company recommends people be skeptical of any iPhone giveaways they spot online. If it's too good to be true, it probably is.
First published Oct. 11 at 6 a.m. PT.
Update, 9:17 a.m. PT: Adds response from Facebook.
Update, 11:22 a.m. PT: Adds response from YouTube.
The Smartest Stuff: Innovators are thinking up new ways to make you, and the things around you, smarter.
reading•Yes, that free iPhone X offer is too good to be true
Jun 23•Security researcher gets around iPhone passcode limit
Jun 23•2018 iPhone could be cheaper than iPhone X, and will USB-C replace Lightning?
Jun 23•9 great reads from CNET this week
Jun 22•Apple will fix sticky keyboards on some MacBooks, MacBook Pros