Keeping Yourself Safe: Social Media Account Scams

Keeping Yourself Safe: Social Media Account Scams

Shakepay has developed this material to make customers aware that scammers are always looking for new ways to part you from your money. The case study below highlights some of the risks of transacting with crypto. We hope that you will be vigilant before sending any crypto out of your Shakepay account. Remember, crypto transactions are different from traditional bank transfers and are irreversible.

These case studies are intended as educational content. If you are concerned about a potential scam, please contact Shakepay customer support.


Scam Type: Hacked social media accounts

Scammers will message you from hacked social media accounts to pose as people that you know and trust, so that you’re less likely to be suspicious of them and more likely to act on their requests. Here’s how it may happen:

Rachel and Peter are good friends in real life and have known each other since high school.  One afternoon, while on Instagram, Peter gets a message from Rachel.  The message includes a link to the Shakepay website telling Peter to sign up for an account.  Peter messages Rachel to make sure the message is legit.  She quickly responds that yes it is real and she asks Peter to open an account so that she can show him how to make money.

He opens an account and asks Rachel what he should do next.  She tells him to invest in an exchange that seems real but is actually fake and known to scam innocent people. Without doing some due diligence, Peter sends the crypto he bought on Shakepay to the fake exchange hoping to get a big profit next week.

A week later, he hasn’t received any money and sends a message to the exchange.  When he doesn’t hear back from the exchange, he messages Rachel asking her if she knows anything. Rachel responds saying her Instagram account was hacked and that scammers were sending messages to all her friends.  She just recovered access to her account. At this point Peter realizes that he was scammed.

This scam is very similar to one Shakepay previously posted on imposters and people posing as loved ones on social media.  The biggest difference is that in this case the account actually belongs to a known friend or family member but has been hacked by a scammer.

Here’s what you can do to protect yourself and your money.

Do:

  • Before responding to any message related to money or sensitive information, please reach out to the real person using a different channel of communication like a text or phone call.
  • Before using cryptocurrencies do your own research (through legitimate sources) on how it works and the risks associated with it.

Don’t

  • Please do not send any cryptocurrency or share your private keys.
  • Please do not click on links provided in private messages since they can be malicious.

Scam Type: Ransomware to release hijacked social media accounts

Scammers may hack one of your social media accounts and hold it for ransom. To do this, they change the password and email address associated with the account, making it inaccessible to you. Here’s how that could look:

Heady uses her Instagram account all the time and regularly posts pictures of the things she cooks. One morning she tries to open the Instagram app but gets an error.  She tries to login again but sees an error message saying her username or password is incorrect. She tries to reset her password but never receives the password-reset email from Instagram. Later that day, Heady receives a text message saying her account has been hacked and she will need to send the hacker bitcoin to regain access to her account.  The text tells her to open a Shakepay account and to send 0.1 BTC to the hacker’s bitcoin wallet before the hacker gives her the new password.  In other words, the hacker has hijacked Heady’s Instagram account and is demanding she pay ransom in order to regain access to the account.

Here’s what you can do to protect yourself and your money.

Do:

  • Contact the customer support of the affected social media platform directly and explain what happened.
  • Configure all social media accounts to have two factor authentication (2FA) if possible.

Don’t:

  • Please do not negotiate with the hacker for a lower price.
  • Never pay the ransom since there is no guarantee that the hacker will provide the password.
  • Please do not open a Shakepay or other crypto account based on instructions from an untrusted third party.