You or someone you know probably participated in a social media giveaway at some point—tagged a friend, shared a post, or dropped your location or best three photos. Then, you drop your bank account details to claim your prize. But what if I told you that sometimes, you were the prize?
These contests might look harmless, but they get you to share personal information that could be used to scam you and your loved ones, or used to commit fraud. In 2022, users lost $1.2 billion to scams on social media globally. I’m sure it’s easy to avoid the usual suspects, like suspicious DMs or investment opportunities that are too good to be true. But what about non-obvious ones we regard as fun, like giveaways?
Don’t get me wrong—giveaways are a tested and trusted marketing tactic. Our focus here is the risk posed to users by bad actors.
To understand this issue, I spoke with Albert, Moniepoint’s Chief Information Security Officer. Here’s how he highlighted the relationship between psychology and how insidious social media scams can be.
The engineering behind giveaways
Social media giveaways blend in with the noise of your regular social media activities, so you don’t even realise there’s an issue. But as Albert points out, this is how social engineering works—by exploiting our natural tendencies and our trust in seemingly harmless interactions.
Social engineering is all about tricking people into giving up their personal information. It’s been around for years, from phishing emails to fake tech support calls. These scams prey on our trust and instincts, and they’ve gotten more creative over time. Here are some common types:
Phishing: Fake emails or messages designed to steal login details or personal info.
Baiting: Offering something tempting (like a free download) to get people to click.
Pretexting: Pretending to be someone trustworthy to gather information.
Spear Phishing: Highly targeted attacks, often based on personal details you’ve shared.
Vishing and Smishing: Phone and SMS-based scams that convince you to share personal data.
These bad actors get this information through several means, but we thought to point out methods hiding in plain sight.
Giveaways: A Trojan horse in plain sight
Giveaways are awesome and several legitimate companies use them, so it’s typically difficult to know which is real and which is not. Here’s how to spot them:
Posts that ask for too much
If a giveaway asks for personal details like your bank account or phone number, that’s a red flag. Legitimate giveaways shouldn't ask for sensitive info in public.
Posts that mimic legitimate brands
Scammers create fake giveaways that look like they’re from well-known brands. Always double-check the account hosting the giveaway to see if it’s verified or legitimate.
Scammers lurking in comments
Even if the brand is real, scammers often pose as the company or other users in the comments. They’ll ask for your info under the guise of helping you win.
Why you should be scared
Your account could get compromised
Scammers gather your public info—like your pet’s name, favourite club, or first car—to answer security questions and reset your accounts. They combine this with other personal details to hack into your email, bank, and social media.
Your SIM could be hijacked. When you drop your phone number in a giveaway, scammers can use it to perform SIM swaps. They take over your phone number and intercept OTPs (One-Time Passwords) to access your bank accounts.
Fake accounts could be created in your name
Your details can be used to create fake accounts for fraud or money laundering. You won’t even know your name is being used in illegal activities until it’s too late.
It could also be used as a conduit illicit funds. Scammers could scam someone else and spread the money across multiple accounts. Such scenarios could lead the law enforcement to your doorstep.
Other dangers: Scammers could use spear phishing to send personalised emails based on your interests, like offering fake deals on items you’ve posted about. They can also steal your identity to frame you for crimes, or use details like your address or routine to target you or your family for stalking or kidnapping.
It’s not just giveaways
It’s not just giveaways that put you at risk. Nostalgic or fun trends like the ten-year challenge or quizzes might seem fun, but they reveal personal details scammers can exploit. Check-ins and location tags give away your routine, making it easier to track your movements.
Even anniversary posts can be risky, revealing info like your friend’s name or where you met. Odd viral questions, like “What’s your account balance based on your BVN?” are red flags—scammers are always looking for ways to gather your data.
What do you do?
So, should you avoid giveaways entirely? Maybe not, but you should be cautious.
Do your research: “Before you enter any contest, ask yourself: who’s really behind this giveaway? Data brokers run a surprising number of these contests, not the brands you think you’re engaging with.”
Avoid public sharing: Avoid any that ask for sensitive information like your bank details or phone number in a public space. Scammers might be lurking in the comments section of legitimate giveaways. Stick to those who keep the process private, engaging you through DMs instead of public posts.
Do the basics: Activate multi-factor authentication and privacy filters on all your accounts and your phone.
Go tech savvy: If you live for the thrill and must participate, at least use email aliases or disposable phone numbers.
How Moniepoint protects you
Beyond your typical features like PINs, and multifactor authentication, we’ve added some extra layers for even more protection. When I switched to a new device, Moniepoint asked me to scan my face. It wasn’t just any scan—there’s a liveness check to ensure it’s not a photo, which is great if someone tries logging in elsewhere. You can also monitor your account activity for suspicious logins.
If you have a Moniepoint card, there’s no name or number on it to reduce identity theft. Plus, you have full control: block the card for ATMs, online shopping, or POS use, or even disable it entirely.
We also educate users through our blog on how to stay safe online. Hopefully, this article helps you think twice about what you share, keeping both you and your loved ones safe.
If you’d love to partner with us or work with Albert as we secure financial happiness for millions of Africans, please visit our website.