As the world’s 18th most visited website and 7th most frequented social network, it’s no surprise that Reddit also holds great allure for cybercriminals. Besides an endless number of legitimate subreddits, cute alien pictures as well as annual April Fool’s day events, Redditors may also encounter various kinds of fakery on the site, including scams that are after their data and money.
In this blogpost, we’ll look at a few common types of fraud that you should look out for when using a platform that until recently billed itself as “the front page of the Internet”.
Phishing is generally one of the most prevalent types of cyberattacks. Typically, it takes the form of an email or text message that poses as a legitimate request for your login credentials, credit card information or other personal data.
On Reddit, this kind of scam is spread mostly via private messages that forum moderators cannot read, which alone makes it easier for criminals to trick victims into clicking on dubious links and giving up their login credentials or downloading malware onto their devices.
In some phishing attacks, scammers send a huge number of messages that are often connected to current events and abuse, for example, community activism: Reddit users who intend to gather for a protest may suddenly receive a fake link for the event.
To recognize phishing, read the whole message carefully, look for grammar mistakes, check the sender, and pay attention to links and unexpected attachments. If the domain seems legitimate but something about it feels off, you are probably the target of a phishing campaign.
Spear phishing, a targeted and more sophisticated version of phishing, relies on messages that are specially tailored for one person or a group of people, such as employees of a company. Active Redditors who reveal too much about their lives in subreddits or even on other sites may be particularly susceptible to this attack.
On a side note, a Reddit employee also fell for a targeted phishing scam in February 2023, which led to a security breach that let the attackers access employee data. The attackers had sent fake corporate messages to Reddit employees that pointed them to a phishing website resembling Reddit’s intranet gateway. The employee unwittingly gave away his login credentials, which allowed the scammers to gain access to the site’s internal documents, code, dashboards and business systems.
Reddit’s core feature is its ability to let people create their own discussion spaces known as “subreddits”, which are then overseen by moderators who make sure that users follow the rules.
This ultimately creates an environment where these discussion boards gain user trust. However, scammers always look for ways to exploit this trust, using bots that spawn new subreddits where basically everything is fake – moderators, subredditors and posts lifted from legitimate sources. The fake subreddits often pretend to be crypto trading forums, with their moderators impersonating legitimate traders.
Some Reddit forums are dedicated to charitable causes. Unfortunately, they may also become breeding grounds for scams as the subreddits attract fraudsters who pose as legitimate charity services and prey on the empathy of kind-hearted people.
For example, scammers have been spotted abusing the r/Assistance subreddit, where people seek or request help in various life situations. In April 2020, its admins warned about scammers using fake profiles with CashApp tags beginning with $SuperGo**** or $Falco****** that impersonated legitimate assistance for transferring money to people in need. However, a number of well-intentioned people unknowingly sent money to the fraudsters.
“When giving, if you receive a PM from someone you believe you have been speaking with on an r/Assistance post—be sure to click through to their profile and verify that you’re messaging with the correct person before you send any assistance,” r/Assistance moderators wrote in a cautionary message in response to the ploy.
Scamming people in need
In fact, some scams also involve fraudsters trying to steal money even from people who don’t have much of it and are asking for help.
“This scammer makes and uses random, low-karma accounts that have very little, or no activity. They reach out privately to struggling users who have recently made requests and promise help, ask users for their banking information, or offer a check that ultimately will be returned—leaving the requester’s account in the negative,” reads a post in the r/Assistance subreddit.
One of the targets described the attack as an immediate response to her Reddit post. “Gosh, these scammers work fast! I posted something on the epilepsy subreddit about my mounting medical bills and moments later got a PM from wilstonb offering me a work from home job. ‘I can be of help financially with your debts’,” she wrote.
Reddit is also popular among the cryptocurrency community, catering to people who follow the latest trends in the crypto arena and seek advice on trading crypto.
However, these Redditors often voice their frustrations about messages that promise to double their investments or promote new currencies that guarantee unrealistically high profits. Those messages often come from organized groups that have obtained a huge amount of “shitcoins”, i.e. cryptocurrencies of low value, and try to sell them at inflated prices using online marketing campaigns. These “shills” often invade any popular cryptocurrency subreddit and annoy users.
To shield yourself from these scams, stick to a straightforward principle: Question anything that seems too good to be true. If somebody offers you extravagant profits or refunds for your losses, report them to the forum’s admins.
Now on to two different kinds of fakery.
Spam and upvoting rings
Spamming is a serious issue on Reddit, one that is exacerbated by well-organized groups that abuse the site’s voting system, create fabricated and possibly harmful content and then promote it on Reddit with the help of fake accounts. They promote clickbait articles with attention-grabbing headlines, but what you land on instead is poorly written content and loads of adverts. Despite lacking any substance, these articles amass plenty of upvotes and positive comments, which pushes them to top positions of the subreddit’s front page.
There’s a thriving market for Reddit upvotes, with prices ranging from $20 to $50 per 1,000 votes. If you come across a promoted article and an associated link that both seem suspicious, don’t click on it – report it to the subreddit’s admins instead.
Reddit relies on a karma system to distinguish between genuine and fraudulent accounts, but scammers have learned how to bypass it. They set up accounts that copy and paste older legitimate content from Reddit, boosting their own karma score and posing as legitimate users.
In its Transparency Report 2022, Reddit revealed that admins and moderators removed 4% of content posted on the site in 2022. An overwhelming 80% of these removals were attributed to spam, particularly karma farming.
The emergence of AI-driven chatbots late last year made the situation even more difficult. In December 2022, the moderators of the popular r/AskHistorians subreddit noticed posts that were clearly generated with the help of AI, Vice reported.
Identifying that the bot’s spammy answers were produced with ChatGPT wasn’t the problem – it was “that they were coming in so fast and so quick,” Sarah Gilbert, one of the forum’s moderators and a postdoctoral associate at Cornell University, told Vice.
At the height of the attack, the forum was banning 75 accounts per day, over the course of three days. Before the fake accounts were shut down, they managed to spread ads for some video game.
In today’s digital age, scams have found their way into various corners of the internet, including popular platforms such as Reddit and other social media sites. Maintain your vigilance while using the site, beware of unsolicited messages and links, question anything that sounds too good to be true, and never overshare your personal information.
Regularly educate yourself about the latest schemes and stay updated on cybersecurity best practices. Knowledge is your strongest defense against scams. By remaining vigilant and cautious, you can enjoy what Reddit and other social media platforms have to offer while safeguarding yourself from fraud.