Security warnings as "10 Concerts" lists, free coupon scams go viral on Facebook

Facebook's login page on a computer screen.

Getty Images

Concert-goers and shoppers are being warned about two unusual security risks on Facebook that have been going viral in the past few weeks.

One involves fake coupons claiming to offer deals ahead of Mother's Day, which have been directing users to a survey site intended to steal information. 

The other seems like a simple game, posting the names of 10 concerts you've been to, including one that is actually a lie. Friends are supposed to guess which concert is the lie. Seems harmless, right?

Well, it turns out this fun little game could actually have unintended security consequences, according to experts.

Here's what you need to know about the two trends circulating the social media site:

Free coupons offering Mother's Day specials

Do those free $50-$75 off coupons to major retailers ahead of Mother's Day sound too good to be true? That's because they are — as some Facebook users are finding out the hard way.

Last week, a free $50 off coupon for Lowe's Home Improvement was making the rounds on the social networking site. "LOWE'S is giving Free $50 coupons for EVERYONE! to celebrate Mother's Day!" the coupon read.

Lowe's confirmed the coupon is a fake and warned customers that it is most likely a phishing scam used to gather information. 

screen-shot-2017-05-01-at-4-22-54-pm.png

Don't click on this Lowe's coupon; the company says it's a phishing scam.

Lowe's/Facebook

"Please be careful when responding to any pop-up ad either online or via social media; as, more often than not, the offer of gift cards or other prizes to customer's in the guise of a specific company are set up to get your personal information for nefarious purposes," the company said in a statement online.

Now, another fake offer has been making the rounds — $75 off at Bed Bath & Beyond.

"We know some of our customers are excited about this $75 offer circulating on Facebook. However, we all know some things are too good to be true!" the retail giant warned on Facebook. "We are sorry for any confusion and disappointment this fake coupon has caused."

We know some of our customers are excited about this $75 offer circulating on Facebook. However, we all know some things...

Posted by Bed Bath & Beyond on Friday, April 28, 2017

Bed Bath & Beyond said they are partnering with Facebook to have the coupons removed. Facebook has not yet returned CBS News' request for comment.

Friendly reminder: Facebook advises users do two things if they spot a fake ad
  1. If you suspect a post is fake, whether you simply believe it is false or click through it and notice something seems off, report the actual post to Facebook so the company can learn more about it.
  2. If you click on one of these posts and realize it's not real, exit the page. Be wary of pages that ask you for credentials, and never put in personal information on sites that pop up unexpectedly.

If you happen to click on a hoax ad – like the one above – don't worry, that doesn't mean you're at risk of getting hacked. Only users who enter their personal information are at risk.

The "10 Concerts I've Been To, One is a Lie" Facebook list

"I love this!" Facebook users write as they post a game that has become wildly popular on the site: "10 concerts, but there is one act that I haven't seen live. Which is it?" 

While it may be fun to read your friends' wild guesses, a cybersecurity expert warns users to think twice before posting.

screen-shot-2017-05-01-at-4-47-28-pm.png

An example of a "10 Concerts" list posted by a Facebook user.

Facebook/Screenshot

Cybersecurity consultant Joseph Ingemi says users who participate are giving away personal information to others, CBS Philly reports.

"The first thing that came to mind was a phishing attack where they could see your preferences and probably glean some demographics info from your band preference and send an email that says something like free tickets to whatever band you said you liked," Ingemi explained. "You click on it and then you've downloaded malware or a virus and they have access to your network."

Hackers could then get into your account by resetting your password.

"When you forget your password to various things, one of the [security] questions is what was the first concert you ever attended," Ingemi said. "Well, if you have that list you could do some reverse engineering to figure out what might have been the first concert."

If you want to participate and you're concerned about the security risks, Ingemi recommends setting your privacy settings to "Friends Only," preventing strangers — and potential hackers — from accessing that valuable information.