Cyber Security For Artists

Birch Tree Symphony by Brandon Gorski 2018

Welcome to 2024!

In recent months I have seen an increase in cybersecurity attacks aimed directly at artists, which I think might be helpful to spotlight here for other working artists in the community. I would like to share some knowledge and caution other folks when approached by messages like these, as they can be convincing and can lead to loss of business or to compromised social media pages.

Scenario A - The Facebook Scam

Like many working artists and other independent artisans, I am reliant on the functionality of social media pages to reach audiences. These pages become a real lifeline for keeping supporters engaged and updated with your work, and sometimes can lead to direct sales of your work.

In the last few months a new phishing scam has been specifically targeting smaller Facebook pages (typically run by small businesses or artists). It starts with a message similar to this:

Now, a message like this can look pretty scary and daunting initially. There are some key things to look for when someone is trying to phish you that I would recommend starting with.

1. How did you receive this message?

When I received this same notification, it was through a Facebook direct message from the name User(insert string of random characters here). This was my first red flag, as it did not come directly to any of the Pages that I manage but directly to me, and it was not from a Facebook Support account or any named individual. Suspicious. Any notification like this would normally come through email from a more legitimate sender that would actually represent the social media platform. There are other ways nefarious senders try to mimic those emails too, but more on that later.

2. The contents of the message?

Note the date of the account deletion is way in the past (2021? hello?). I also noticed that giving only 2 days of response time for any related inquiries seems like a stretch, and it's a tactic to create a sense of urgency with the receiver. Another huge red flag is this strange URL that they include in the email to “appeal” your page deletion. If you hover over that link, it resolves to something completely different in the lower left corner of the browser (if you are on a computer).

For fun, let's see what this link looks like below:

Here is the page. The phishing scammers have tried to replicate the colors, fonts and feel of a legitimate Facebook page or article, which I’m sure they lifted to some degree from actual pages. The biggest clue that this is a phishing page is that the URL in the top bar has drastically changed to a different string of characters. Combine this with the fact that the only working button on this landing page is to file an appeal. Once you follow that, it leads to a form where they are directly trying to capture data from you to breach accounts and get you locked out.

While some of the language that they use can sound very official and scary, it's important to double and triple check threats and alerts like this. When in doubt, I would suggest even simply copying the message you receive and searching on Google for it. Chances are someone else has already come across this scam and reported it. To read more about this scam, I’d suggest this article; it was informative when I ran into this late in 2023.

Scenario B - The Scam Show

Ah, this one is a newer scam but becoming a classic. Like many of you, I use social media to get information on upcoming art shows, conventions and other pop-up markets. I am reliant on fellow artists as well to give feedback about these shows and tips when engaging to become a vendor.

A new trend I experienced in 2023 was someone messaging me pretending to be the show organizer to scam me out of some tabling money for an event they couldn't speak to. I’m comfortable sharing some of my exchanges below:

So with this I reflect on my original reasoning when getting into some messaging like this. In this scenario this user asked me to message them directly. I wasn't aware of the original organizer for the show in question, so I did not question it. However, when starting to engage in conversation with this user, it was clear they weren't legitimate.

1. What is this scammer saying?

The scammer is sending some basic info along about table costs, but when I follow up to ask them when the show even is, they dodge the question and don't acknowledge it. This is a huge red flag, as promoters tend to share ALL the info with you up front, including costs and usually more information. I thought maybe this was an oversight, so I ask the question again and it gets ignored. Huge red flag.

2. Other red flags

The scammer continues their game and eventually asks for payment immediately through PayPal Friends and Family. Second huge red flag. Friends and Family payments through PayPal aren't protected for fraud or scams like Goods and Services payments are. In other words, if I agreed to send Friends and Family and discovered this person scammed me, I wouldn't be able to dispute the payment and get a refund. Truly shitty behavior, but then again this is a scammer so I can't expect much. At this point in my messaging I called it and told this person I was no longer interested. As another step, I messaged the email address on the event page and let them know what I was experiencing and just wanted to confirm if it was them I was speaking with. Thankfully they responded quickly and affirmed my assumption. Another scammer bullet dodged!

Scenario C - The Gram Scam

This scenario was pretty similar to the above but on Instagram. I get a message asking if I’m available for commissions and the sender actually comes across as legitimate for a large portion of communication. I get the sense there are some language barriers here, so I am patient and ask some of the same questions I normally ask when taking on any new clients for a job.

As you can probably see, there are several of the same asks and exchanges for information. Ultimately this scammer sent a screenshot of their PayPal “payment” which was not legit. They then asked me to send them money as a test through PayPal.
Two red flags in a row is enough for me to finally call them out on their scam at the very end of the message. When in doubt, verbally affirm you are doubtful of the legitimacy of the transaction. Needless to say, the user saw my message and within a week the account was deactivated. I’m sure it also helped that I reported the account as a spam account.

———

I hope this peek behind the curtain was informative and helpful for any readers. I am also very willing to provide some support or insight if you are a victim of any phishing attacks like these. Feel free to drop me an email or message directly, just no PayPal Friends and Family requests!

Thanks for reading

BGorski 2024.
