Like the world 18th most visited site and 7th most popular social network, it is not surprising that Reddit is also very attractive to cybercriminals. Besides an endless number of legitimate subreddits, cute alien photos as well as the annual April Fool’s Day events, Redditors may also encounter various types of fakes on the site, including scams targeting their data and money.
In this blog post, we’ll look at some common types of fraud you should watch out for when using a platform that, until recently, billed itself as “the front page of the Internet.”
Phishing
Phishing is generally one of the most common types of cyberattacks. Typically, this takes the form of an email or text message that poses as a legitimate request for your login credentials, credit card information, or other personal data.
On Reddit, this type of scam is spread primarily through private messages that forum moderators cannot read, making it easier for criminals to trick victims into clicking on questionable links and giving up their login credentials or download malware to their devices.
In some phishing attacks, scammers send a large number of messages that are often related to current events and abuses, such as community activism, such as when Reddit users who intend to gather to an event may suddenly receive a fake link for the event.
HAS recognize phishing, read the entire message carefully, look for grammar errors, double-check the sender, and watch out for unexpected links and attachments. If the domain looks legitimate but something is wrong, you are likely the target of a phishing campaign.
RELATED READING: Common LinkedIn Scams: Beware of Phishing Attacks and Fake Job Offers
Phishing
This targeted and more sophisticated version of phishing relies on messages specifically tailored to an individual or group of people, such as a company’s employees. Active editors who reveal too much about their lives in subreddits or even on other sites may be particularly vulnerable to this attack.
By the way, a Reddit employee also fell for targeted phishing scam in February 2023, which led to a security breach allowing attackers to access employee data. The attackers had sent fake corporate messages to Reddit employees directing them to a phishing website resembling Reddit’s intranet gateway. The employee unwittingly disclosed their login credentials, which allowed the fraudsters to access the site’s internal documents, code, dashboards, and business systems.
Fake subreddits
Reddit’s main feature is its ability to allow users to create their own discussion areas called “subreddits”, which are then overseen by moderators who ensure that users follow the rules.
This ultimately creates an environment in which these chat rooms gain the trust of users. However, scammers are always looking for ways to exploit this trust, using bots that spawn new subreddits where virtually everything is fake – moderators, sub-editors, and posts from legitimate sources. Fake subreddits often pretend to be crypto trading forums, with their moderators posing as legitimate traders.
Charity scams
Some Reddit forums are dedicated to charitable causes. Unfortunately, they can also become a breeding ground for scams, as subreddits attract scammers who pose as legitimate charitable services and prey on the empathy of caring people.
For example, fraudsters have been spotted abusing the r/Support subreddit, where people search or ask for help in various life situations. In April 2020, its administrators warned of scammers using fake profiles with CashApp tags starting with $SuperGo**** or $Falco****** that impersonated legitimate help to transfer money to people in need. However, a number of well-meaning people have unknowingly sent money to the fraudsters.
RELATED READING: Cash App Fraud: 10 Common Scams to Watch Out for
“When donating, if you receive a PM from someone you think you spoke with on an r/Support post, be sure to click on their profile and verify that you are messaging the correct person before giving send help, » The moderators of r/Assistance wrote in a warning message in response to the scheme.
Scamming people in need
In fact, some scams also involve fraudsters trying to steal money even from people who don’t have much and are asking for help.
“This scammer creates and uses random low karma accounts that have very little to no activity. They privately contact struggling users who have recently made requests and promise help, ask users for their banking information, or offer a check that will ultimately be returned, leaving the requester’s account in the negative,” reads THE r/Support subreddit.
One of the targets described the attack as an immediate response to his post on Reddit. “My God, these scammers work fast! I posted something on the epilepsy subreddit about my mounting medical bills and moments later I received a PM from Wilstonb offering me a work from home job. “I can help you financially with your debts,” she wrote.
FURTHER READING: 8 Common Work From Home Scams to Avoid
Crypto scams
Reddit is also popular among the cryptocurrency community, catering to people who follow the latest trends in cryptocurrencies and seek advice on cryptocurrency trading.
However, these writers often express frustration with messages promising to double their investments or promoting new currencies that guarantee unrealistic profits. These messages often come from organized groups who have obtained a huge amount of “shitcoins”, i.e. low-value cryptocurrencies, and are trying to sell them at inflated prices through online marketing campaigns. . These “shills” often invade any popular cryptocurrency subreddit and annoy users.
To protect yourself from these scams, follow a simple principle: question anything that seems too good to be true. If someone offers you extravagant profits or reimbursements for your losses, report it to the forum administrators.
RELATED READING: Crypto scams: what you need to know and how to protect yourself
Now let’s move on to two different types of falsification.
Spam and upvote rings
Spam is a serious problem on Reddit, exacerbated by well-organized groups that abuse the site’s voting system, create fabricated and potentially harmful content, and then promote it on Reddit using fake accounts. They promote clickbait articles with catchy headlines, but what you land on instead is poorly written content and lots of ads. Despite their lack of substance, these articles garner many upvotes and positive comments, which propel them to the top positions on the first page of the subreddit.
There is a thriving market for upvotes on Reddit, with prices ranging from $20 to $50 per 1,000 votes. If you come across a promoted post with an associated link that looks suspicious, don’t click on it – report it to the subreddit admins instead.
Karmic farming
Reddit relies on a karma system to distinguish between genuine and fraudulent accounts, but scammers have learned to get around it. They create accounts by copying and pasting older legitimate content from Reddit, thereby increasing their own karma score and posing as legitimate users.
In its 2022 Transparency ReportReddit revealed that admins and moderators removed 4% of content posted on the site in 2022. An overwhelming 80% of these removals were attributed to spam, particularly karma farming.
The emergence of AI-based chatbots late last year has made the situation even more difficult. In December 2022, moderators of the popular subreddit r/AskHistorians noticed posts that were clearly generated with the help of AI, Defect reported.
Identifying that the bot’s spammy responses were produced with ChatGPT wasn’t the problem — it was “that they were coming in so quickly and so fast,” said Sarah Gilbert, one of the forum’s moderators and a postdoctoral associate at Cornell University.
At the height of the attack, the forum banned 75 accounts per day, for three days. Before the fake accounts were shut down, they managed to run ads for certain video games.
Conclusion
In today’s digital age, scams have found their way into various corners of the internet, including popular platforms such as Reddit and other social media sites. Stay vigilant when using the site, be wary of unsolicited messages and links, question anything that seems too good to be true, and never overshare your personal information.
Regularly learn about the latest programs and stay up to date with cybersecurity best practices. Knowledge is your best defense against scams. By remaining vigilant and cautious, you can take advantage of what Reddit and other social media platforms have to offer while protecting yourself from fraud.