Nick Tearle, MD at E1 Media
In recent weeks we have seen one of our clients, Noisily Festival, targeted by a sophisticated Facebook phishing scam. They’re not the only ones either. It’s affecting a whole host of other festivals too – we’ve found fake pages and listings that appear to have applied the same tactics for Lost Horizon, Download, Wireless, Reading, Creamfields and Latitude, to name a few.
The attack we experienced was fairly benign when it started with harmless-looking fake pages and events appearing. However, we then noticed the intensity of the attack grew as the festival’s fundraising campaign came to a head, with those fake pages commenting on Noisily’s real pages, complete with bogus links to enter card details. This is something which needs to be addressed and combatted early on to avoid escalated attempts to trick fans.
We have gathered some top tips on how to spot this attack and also identified some preventative measures you can put in place in order to help protect this already suffering sector.
What is the scam?
E1 has been working closely with Noisily to help raise funds to secure the festival’s future. For such an amazing show to have been hit hard by the effects of enforced social distancing was devastating and we, along with all of the festivals’ team, friends, family and partners poured months of hard work into raising the money it needed to survive into 2021 and beyond.
Part of this campaign included the launch of a live stream on Sunday 12th July for fans to enjoy and engage with. However, what should have been a day to celebrate instead suffered at the hands of scam artists, who were creating multiple fake Noisily festival pages, sharing fake links, duplicating posts and copy, and commenting as the brand across posts and events.
Over the last few weeks, we had to delete 300+ posts, 500+ comments – all of which was obviously incredibly time consuming. In some cases, commenting had to be disabled, impairing engagement and potentially further awareness and fundraising.
Worst of all, this activity tricked fans into entering their card details on bogus charity donation pages. These attackers, going after an industry that is already on its knees, need to be stopped.
More than 15 fake Noisily pages had also been reported to Facebook. Despite this, the scammers have consistently found a way to re-target their communications.
How to spot it?
As an industry, especially now, we need to be aware of what to look out for when it comes to attacks like this, to avoid companies and their audiences falling foul.
Warning signs to spot can include:
- Search for your Facebook page name and/or event in the Facebook search bar and look for other pages with the same name.
- Pages of the same name as yours requesting to co-host your event, or you to co-host theirs.
- Try searching your event name, and filter to pages.
- New Facebook profiles that have been created in the last month.
- Pages with no interests in common to your festival.
- Pages not in this country; many of the requests we have found are coming from Bangladesh.
- Posting the odd word in your event to look legitimate before then moving in with a live stream post.
How to counter it?
The past few weeks have taught us not only what to look out for, but also how to counter scams like this and how other businesses can work to protect their events. This includes:
- Turning off commenting on your posts. Do remember, this also stops comments from your fan base which would usually be encouraged.
- Proactively monitor your Facebook activity, comments and posts. This will require your team to monitor and review the posts and comments that are coming in to ensure no spam comments are getting through.
- Make sure you are keeping track of your entire Facebook page – including comments and posts in your event, those on your Facebook wall, in your Facebook community groups, and on every social post you create.
- Blocking specific words and turning on the profanity filter for your event page will aid this process. You can do this in ‘General’ in your page’s settings.
- Any suspicious posts or comments found need to be flagged to Facebook, reported and banned.
- Hide or delete any spam comments. Hiding them will allow you to keep track of how many you have received, but your followers won’t be able to see them.
- Ban any usernames/fake profiles you find commenting or posting on your page.
- Make sure your Facebook community groups have ‘membership approval’ on – be vigilant with who joins these. If they have no existing friends within the community, a brand-new Facebook page and in another country.
- Reporting the pages will help Facebook keep track of them. You can see how to do this here.
- Also report to Action Fraud. As the more reports they receive, the quicker this situation will be dealt with for our community.
When it comes to hosting an online event, the industry shouldn’t be deterred by these attackers. And it definitely shouldn’t take away from the months of hard work put in by festival production teams and partners. Instead, we need to ensure we are communicating with Facebook when any unusual behaviour is detected and be extremely vigilant around the time of any live streams you have announced on socials, as well as the event date itself. Adhering to this will help combat any upcoming potential threats, and also help to future-proof our industry.