Threat Intelligence Blog

Posted October 1, 2012

Five Tips to Spot Promotional Scams and How to Ensure Your Promotion is Legal

Sweepstakes and promotional scams are a common method of defrauding people. “If it seems too good to be true… it generally is.” You receive an email asking you to sign up or telling you you’ve already won. The prize? Malware.

This phenomenon affects companies and individuals alike. Such social engineering scams are widely used by cyber criminals. With the goals of these scams being anything from quiet theft of information, outright system shut down, or garnering money companies must be aware of the threat posed to their infrastructure.

Here are a few signs that the promotion you received is a scam:

  1. You won…but we need payment to send the prize to you. Legitimate sweepstakes do not require money to receive the prize.
  2. You must act within the next 24 hour to claim your prize. Using a sense of urgency to get someone to act is a common tactic in promotional scams and phishing emails alike.
  3. You have been sent a gift card, click here to redeem your prize. Be wary of gift cards where no sender is mentioned. If someone sent you a gift, they will identify themselves.
  4. You have been randomly selected and won a prize from a major retailer, click here to get your prize. Before you click on that link, check with the retailer. Chances are it is a scam.
  5. You are winner from!!! Popular brands are often used to lure potential victims. Look out for misspelled brand names, brand names paired with other words, and multiple brand names grouped together.

There are numerous resources that can help distinguish scammers from real promotional contests. Listed below are a few websites that provide scam information. However, new scammers pop up every day so these sites are not exhaustive.

General scam websites:,,,,

Government websites:,,,

Phone scam websites:,,,

Arming employees with the information necessary to recognize the warning signs of a sweepstakes scam will help your company avoid a scam. Employees must become knowledgeable enough to know how to tell legitimate wins from scams.

Are your own company’s promotional contests legal?

Employees falling prey to promotional scams are not a company’s only concern as it relates to promotional contests. Companies are developing increasingly creative ways to drive traffic to their websites and social media pages. Promotional contests have become common in marketing and public relations campaigns to increase site traffic and engage users. These contests tend to be successful and garner a lot of attention for companies.

However, companies should be careful of “’Like’ My Company, Win a Prize” and other similar social media based promotions. Promotional contests and giveaways are regulated by federal and state laws, but generally the parameters focus on lotteries (which are illegal unless state-run) and sweepstakes.

It is important to understand the difference between lotteries and sweepstakes. A lottery involves elements of (1) chance, (2) a prize, and (3) consideration; while sweepstakes only involve elements of (1) chance, and (2) a prize. Sweepstakes are usually random prize drawings where the winner is selected by chance rather than by skill. Companies must make sure there is no consideration (usually an exchange of money) to avoid falling within the legal definition of a lottery.

Beyond ensuring that your contest is not considered a lottery there are a series of laws regulating sweepstakes. In order to operate legally and across the patchwork of regulations, sweepstakes rules and terms should be clear and complete, and should contain these elements:

  • A statement that no purchase is necessary to enter or win
  • Details of entry procedures
  • Any limits on the number of times a person can enter or persons who can participate – In certain jurisdictions you are not allowed to run a sweepstakes, you must ensure that individuals in such countries (currently Belgium, Norway, Sweden and India – according to Facebook) cannot enter
  • The closing date of the sweepstakes and any other relevant deadlines
  • Free options for participation (which must be treated with equal opportunity as any paid or product-based options)

Companies must reference all state and federal regulations and website terms of service. With the exception of Google+, which does not allow promotional contests, each platform has its own site-specific promotional contest rules, in addition to those put in place by states and the Federal Trade Commission. Failure to comply with platform guidelines can result in removal of the company page.

Facebook guidelines

Twitter guidelines

Make sure that your company is aware of all the regulations that can affect the legality and appropriateness of your promotional contests. Social media presents a number of legal pitfalls for companies. In response to the need for additional information, Cyveillance released a Social Media Policy Guidebook. The Guidebook provides recommendations and sample policy language to guide you as you draft your company’s social media policy and highlights other legal considerations as your company navigates social media platforms.

Further Reading on Social Engineering Attacks in the Office


Additional Posts

The Aftermath of a Tragedy: Top 10 Security Concerns

In the aftermath of tragedy (natural or man-made), people are struggling to comprehend what has ...

Corporate Social Media Policy: Top 5 Recommendations

Many employers have begun to realize that they need to regulate the usage of social media by ...