New Year, Same Scam: Lottery Winner Impersonation Accounts on Social Media
Jan 15, 2018 · 5 minute readimpersonationlotterysocial mediascams
On January 12, 2018, state lottery officials in Florida announced that Shane Missler, a 20-year-old from Port Richey had won the record-breaking jackpot of $451 million USD. As this news began circulating, scammers took to various social media sites to promote impersonation accounts claiming to be Mr. Missler offering cash rewards to new followers that performed certain actions.
Primer on Lottery Impersonators
The impersonation of lottery winners isn’t a new phenomenon. I’ve previously written about this same tactic in 2014 for the Symantec Security Response blog. Whenever there is a lottery jackpot that approaches hundreds of millions of dollars, scammers are quick to take notice. The opportunity also presents itself when it is unclear if the lottery winners have any sort of presence on social media. In 2014, many of the winners I found did not have a social presence, especially on Instagram, making it easier to impersonate them. In the case of Mr. Missler, he does have a presence on social media (follow him on Twitter and Instagram) but he remains unverified on both services.
Anatomy of Fake Lottery Impersonation Accounts
Most of these impersonation accounts use the same approach in order to gain followers quickly. They make the following set of requests after their accounts have been created:
1. Follow the impersonation accounts to boost their follower numbers
The most obvious request is to ask for a follow. The impersonation accounts typically specify that they will reward the first X number of followers with a cash reward ranging from $2,000 to $10,000 USD.
2. Tag friends in a post to increase the visibility of these accounts
This request is typically aimed at users of Instagram to help promote their posts to other users.
3. Repost or retweet to ensure eligibility
Following or tagging friends isn’t enough as the impersonation accounts will also ask users to repost or retweet their announcement in another effort to increase their visibility.
Notable Differences
Compared to the lottery impersonation scams in 2014, I have observed a few notable differences this year.
1. Receive money “instantly” by signing up for a service or buying product
On Twitter, two impersonation accounts used verbiage in their profile bios to encourage users to sign-up or purchase a product for an “INSTANT $2,000”
In the image above, one of the links directed users to sign-up for an account at Kucoin, a Chinese cryptocurrency exchange. Exchanges like Kucoin incentivize users to invite other users to their site by offering a cut of trading service fees for users that sign-up.
Another impersonation account linked followers to an Amazon.com product page for the Amazon Fire Stick. The link included an affiliate tag, which if used to purchase the item, would result in an affiliate bonus for the scammer.
2. Send a small amount of money to receive a larger amount back
Several impersonation accounts on Instagram are encouraging users to send money to them in order to receive money in return at a premium using services like Paypal and Square Cash. For example, one impersonator posted an image offering a tiered set of offers for payments:
This appears to be a way to steal money from unsuspecting users through the promise of “verifying” a payment.
3. Asking followers to call out other impersonation accounts
In a weird twist, I encountered several impersonation accounts asking their followers to comment on posts by other impersonation accounts to persuade their followers that those accounts were fake.
4. Promoting Snapchat accounts and YouTube music videos
A few impersonation accounts I discovered were plugging fake Shane Missler Snapchat accounts in an effort to request money from their followers. For example, one fake Snapchat account posted stories on their account requesting an exchange of $50 in order to receive $10,000, preying on gullible users.
The YouTube music video on the bio of one impersonation accounts is an effort to promote the music of an unsigned artist.
Breakdown of Account Distribution and Followers
Through Twitter and Instagram, these impersonators have amassed over 400,000 followers across 27 accounts leaning heavily towards Instagram over Twitter.
A breakdown of the top 10 fake accounts across both services:
| Username | Service | Followers |
|---|---|---|
| @radboyshane | 142,000 | |
| @shanemisslerliving_ | 116,000 | |
| @thereal_shanemissler | 38,900 | |
| @misler_shane | 41,000 | |
| @iamshanemissler | 32,700 | |
| @shanemisslerig | 10,200 | |
| @shane_missler_rich | 10,000 | |
| @thereal.shanemissler | 9,895 | |
| @shanemissler450 | 8,177 | |
| @ShaneMissIer | 5,198 |
Goal of Impersonation Accounts
If you’re wondering what the goal of these impersonation accounts is, they typically fall into one of two categories: personal use or resale.
Account Pivot for Personal Use
More often than not, these impersonation accounts will eventually undergo what I’ve coined as an account pivot. The avatar, name, and images associated with Shane Missler will disappear, replaced by the real account owners photos and name. It’s the most natural way capitalize on their efforts of amassing a large following. This may also explain why one of the impersonation accounts is promoting a YouTube video of an unsigned artist.
Account Offered For Resale
Outside of pivoting the account for personal use, the impersonation accounts can be sold to someone else, who can convert it for their own personal use. This way the scammers can make a little extra money with the account besides their efforts to make money off of their followers.
Don’t Promote These Impersonators
I’ve seen tweets and comments from users who know these are impersonation accounts yet they feel it is harmless to promote these accounts by retweeting or tagging friends in posts. What they fail to recognize is that by promoting these accounts, they could rope in others who may be more susceptible to sending money or signing up and buying a product through affiliate links, furthering these scammers efforts to capitalize monetarily. Free stuff, especially on social media, isn’t really free. My recommendation is to be skeptical because if it sounds too good to be true, it most likely is.
The best thing to do when you come across these lottery impersonation accounts is to report them to Twitter and Instagram. If enough people report these accounts, the more likely it is that Twitter and Instagram will see these as fraudulent accounts and appropriate action will be taken to remove them.
While this isn’t the first time scammers have capitalized on impersonating lottery winners, this incident shows why it certainly won’t be the last.