In the past few months, a flurry of gift card scams leveraging such high-profile brands as Best Buy, Whole Foods and IKEA have emerged on Facebook. These scams often use the brand’s logo, website URL, or general “look and feel” on Facebook “fan” pages to give the impression that these offers are legitimate. Some scams are even bold enough to include bogus, non-interactive fan comments to add a greater sense of authenticity to the gift card offer. To date, these scams have been successful at tricking tens of thousands of consumers. In just one day, for example, a fan page titled “IKEA Get a FREE $1000 IKEA Gift Card! (ONLY AVAILABLE 1 DAY)” registered 40,000 fans before being shut down.

While gift card scams themselves have been around for years, what is new here is that they are being delivered through new channels. In the early days of the Internet, consumers would typically come across these scams via spam email or web advertisements. With the advent of Web 2.0, these gift card scams are now showing up on popular B2C marketplaces—such as Craigslist and eBay—as well as social media sites, including Facebook and Twitter.

These scammers (typically unscrupulous affiliate marketing firms) understand social engineering tactics well and exploit them to optimize their campaigns. For example, many of the scams create a sense of urgency to respond (a tactic often used in phishing scams) to maximize response rates. In one scam, a $1000 Best Buy gift card is offered to the first 20,000 people who sign up. In the IKEA example mentioned above, the gift card offer expired in 24 hours. Scammers also understand the viral nature of social networks and leverage the trust built among friends and colleagues to quickly spread the scams. For example, in several gift card scams, including a $500 Target gift card scam, consumers must suggest the page to all their Facebook friends in order to be eligible for the promotion.

What is the harm in falling for one of these scams? In short, plenty. In order to receive a gift card, consumers are typically asked to divulge their email address, along with other personal information, including mailing address and phone number. Once this information is captured, consumers are sometimes asked to complete a series of surveys. Then, consumers are usually required to signup for roughly a dozen offers that often cost more than the value of the ‘free’ gift card which they may or may not receive in the end. Meanwhile, the affiliate marketing firm has captured a wealth of information that it sells to third parties and telemarketers. As a result, consumers who fall for these scams reportedly receive around 30 junk emails per day, numerous unwanted telemarketing calls and sometimes even costly text messages sent to their cell phones. Plus, they end up subscribing to services they never wanted in the first place.

Sometimes it gets even worse. The goal of a recent $500 Whole Foods gift card scam was identity theft by leveraging malicious software, or malware. In this scam, consumers were required to complete a credit assessment form that left their personal information exposed before the malware crashed their computers.

If brand owners are in no way involved in or had any knowledge of these scams, what is the harm to them? Again, plenty. If not handled adeptly, any bad customer experience associated with their brand can significantly damage the reputation of their brands for years to come and the trust consumers have with those brands. If consumers are continuously annoyed by unwanted solicitations and junk mail, they will surely remember the event that triggered it all.

So, what can brand owners do? While these types of scams involving social networks are difficult if not impossible to prevent, several brand owners have taken proactive measures to warn and safeguard their customers against these scams. Some best practices that can be gleamed from their actions include:

• Report the scam to Facebook or other Web 2.0 site to have the scam removed. Facebook offers a process and complaint form for reporting trademark violations on its site.
• Warn consumers of the scam through various mediums, including:
  • the official company Facebook page (see Whole Foods example)
  • the corporate website (see Walmart example)
  • an official tweet on Twitter (see Whole Foods example)
  • the official company fan site (see IKEA example)
• Continuously monitor social media networks and other Web 2.0 platforms for new scams and respond swiftly

In addition to brandholder efforts, Facebook is also taking proactive measures to identify and shutdown these types of scams on its own and has started building an automated system to detect these types of scams before they are reported. It is clearly in the interest of Facebook and other social media sites to maintain a trusted and safe environment for their users.

Scammers are always coming up with new ploys, and the ongoing evolution of the Internet presents them new opportunities and angles. The challenge for brand owners is to be always vigilant of where and how their brands are being used online and to respond expediently and appropriately when these abuses do arise. In doing so, brand owners will not only preserve the integrity of their brands, but also the privacy and trust of their customers.