When Chris Mazzocco saw that Bill Pulte — a real estate magnate and the self-proclaimed inventor of “Twitter philanthropy” — was giving away thousands of dollars just for following and retweeting him, he thought it might just be his chance to get out of debt. The 34-year-old college student was already behind on rent and credit card payments. Then, he lost his job as a graphic designer during the pandemic.
“I had no way to pay my bills. My bank account was negative. I didn’t know what to do,” said Mazzocco, who lives in Pittsburgh.
That’s why he started tweeting at Pulte, sometimes as often as twice a day. But he didn’t realize he was also opening himself up to scammers, one of whom would end up leaving him $2,000 in the hole.
Right now, nearly half the adult U.S. population is out of a job. To make matters worse, the CARES Act — which gives 30 million Americans an additional $600 in weekly unemployment benefits — is due to expire next week, around the same time rent is due.
Short on income and options, people are turning to social media for help. They’re tweeting at high-profile people like Pulte, rapper Megan Thee Stallion, and beauty guru Jeffree Star — as well as noteworthy brands like Cash App, a mobile payment service founded by Twitter CEO Jack Dorsey. In March, Cash App started doing weekly giveaways, known as #cashappfriday, but Twitter users had to be following @CashApp and retweeting their posts to qualify for some of their prizes.
Celebrities and brands like this might have the most altruistic intentions when offering financial aid in exchange for follows and retweets, but this kind of “philanthropy” is hurting more people than it helps. A few lucky internet users may receive donations, but many more get scammed in the process. The giveaways essentially give cybercriminals a database of the people hit hardest by the pandemic. They’ll go through retweets or comments to find exactly who they want to target and slide into that person’s direct messages or inbox claiming to be someone affiliated with the philanthropist’s organization — or just a good Samaritan.
From there, scammers can leverage the information they have on vulnerable victims to win their trust and convince them to fall for one of their fraudulent payment schemes. Sometimes con artists go so far as to hack high-profile people’s social media accounts.
Just last week, some of the world’s most famous people got hacked: Joe Biden, Elon Musk, Bill Gates, and Barack Obama, the most followed person on Twitter, to name just a few.
The cybercriminals used the celebrities’ and politicians’ identities to bait people into falling for one of the most common giveaway scams on social media: money-flipping, or promising a huge payout in exchange for a small fee in advance. They promised financial help because of the pandemic but ended up stealing almost $160,000 worth of Bitcoin, according to data compiled for VICE News by Delphi Digital.
“Any time there's money and there's an interconnectivity of people, there's going to be scammers. As that increases, there's going to be more avenues for scammers to get in,” said Joseph Magliocca, Information Training & Awareness Coordinator at Carnegie Mellon University and member of CyLab, the university's security and privacy research institute.
That’s exactly what happened to Mazzocco. He retweeted Pulte in February and almost immediately received a direct message from someone he didn’t know who claimed to be affiliated with Pulte’s Twitter philanthropy movement.
“He said he saw my tweets and wanted to help me out,” Mazzocco explained. “I was skeptical and reluctant to do it, but I’m a freshman in my thirties, and I have no money. My situation forced me to take a chance I normally wouldn’t.”
The mystery man offered to send Mazzocco $3,000, but there was a catch: Mazzocco had to send some of that money to other people in need via Cash App. He was told this was a “pay-it-forward” style of philanthropy. In actuality, it was a money-mule scam, or when a scammer uses someone to move stolen funds. Mazzocco did it and ended up losing over $2,000.
Pulte has been doing these social media giveaways for years, but it wasn’t until March — when COVID-19 cases first peaked — that celebrities like Megan Thee Stallion and Star jumped on the bandwagon (neither responded for comment). Since then, scams have been on the rise.
The FTC reported receiving almost one million total scam complaints in the second quarter of this year. That’s up more than 100,000 from the same period last year, and it’s the highest number in at least five years. The FBI anticipates that America’s increased usage of “online environments” will lead to more cybercrime during the pandemic.
One of those techniques is called spear-phishing — or a targeted attack on a specific person. The objective of spear phishing is to gather as much intelligence on someone as possible. Fraudsters will use this information to manipulate their victims, or worse, steal their identities. It’s a top weapon of choice among social media con artists because it requires next to no effort on their part, especially if users have public profiles and post their Cash App handles, also known as “Cashtags.”
“Every part of my body tenses up when I hear about people posting their ‘$Cashtags’ on Twitter,” said Paige Hanson, chief of Cyber Safety Education at NortonLifeLock. “It’s connected to your bank account. You should treat it like any other piece of sensitive information such as your social security number or passwords. You don’t know what other information scammers have on you.”
Aly Collins, a 31-year-old unemployed project manager from Harrisburg, Pennsylvania, didn’t realize that when she included her $Cashtag and other personal information in her tweets to Pulte. As a result, she got bombarded by scammers hoping to capitalize on her naivete.
The most bizarre DM came from a guy asking her to buy him $5,000 worth of Amazon gift cards in exchange for $300. The FTC says that gift cards are popular among scammers because they’re like cash: If someone buys a gift card for a scammer, they can count on never seeing that money again.
The scammer said he was going to give them to a charity, but Collins knew that wasn’t the truth. When she called him out, he suddenly went radio silent and blocked her.
Luckily, Collins never handed over the money, but not everyone makes the right call. So who’s helping the victims? The short answer is no one. They can contact Cash App customer support, but that doesn’t mean they’re going to get their money back. In fact, that's exactly what Mazzocco did after realizing he’d been scammed, but at that point it was too late.
Cash App advised him to contact his bank, as did the local police, but he’d already done that. His bank said there was nothing they could do. That’s because banks treat fraudulent mobile payments like they’re fake checks. As the FTC explains it, banks make funds from checks and mobile deposits available within days, but it can take weeks before they learn the money is fraudulent. If a scammer already spent that money, the person who sent it is still responsible for repaying the bank.
Social media “philanthropists,” like Pulte, also aren’t assuming responsibility because they don’t think they’ve done anything wrong. In reality, they have: Giveaway promotions — philanthropic or not — are banned on Facebook and Instagram. Speaking on behalf of both companies, Facebook spokesperson Roya Winner said, “If we see this type of content, we’ll remove it.”
But Twitter doesn’t have the same policies. When asked for comment, a spokesperson referred VICE News to the platform's guidelines, which confirmed it allows giveaways.
Facebook and Instagram also have their own charitable-giving tools; that way they keep the entire philanthropy process in-house. On Tuesday, Instagram announced that it’s testing out a new feature on its platform that will allow users in the U.S., the U.K., and Ireland to start their own “personal cause” fundraisers and donate to them. Previously, users could only donate to registered nonprofits.
Facebook’s had these fundraising features in place for the last half-decade, and over that time, more than 45 million users raised about $3 billion. Their fundraising tools protect both givers and receivers of donations because all nonprofits and personal causes must go through a lengthy approval and vetting process before they’re allowed to start accepting any money.
The money that’s been lost to COVID-related scams so far this year is no small amount: over $90 million, according to the FTC. If social media companies like Twitter don’t do their part in safeguarding users from cybercrime, like philanthropy scams, expect more of them to occur.
Cover: Screenshot via Megan Thee Stallion’s Twitter made with Canva.