But that feeling is exactly what scammers and sometimes even well-intentioned employees rely on.

As more brands extend their presence onto social platforms, the line between legitimate digital commerce and sophisticated threat activity has become increasingly blurred. Based on over 100 real-world investigations into brand misuse and online fraud, here are five dangers consumers need to understand before shopping through social media and how to recognise them early.

1. The helpful employee who puts you at risk

One of the most overlooked online threats does not come from obvious scammers, but from genuine employees operating outside company policy.
In multiple cases, employees attempted to ‘help’ customers by advertising products on their personal Facebook profiles or Marketplace listings, often to meet sales targets or attract new clients. While the intent may not always be malicious, the risk is very real.

Typically, these employees:

• Post official, copyrighted product catalogues on personal social media accounts.
• Move conversations from public posts into private WhatsApp chats.
• Arrange calls from real store branches to reinforce legitimacy.

The danger lies in the process. Once the interaction moves outside official, monitored systems, customers are exposed to serious data and financial risk.
In one investigation, a customer received a call from a number identified as a Beares store landline, which created immediate trust. However, the number differed from the officially published contact details, and the entire sales process had already taken place through unauthorised channels. Personal information was being requested outside of approved systems, creating clear data-protection concerns.

My professional note in this matter:

Legitimacy is being borrowed, not earned. A real store number can make an unsafe process seem secure, but if the journey started outside official channels, the risk remains.

2. The rise of the fake ‘Fan Page’ giveaway

Fake brand pages are one of the fastest-growing social media threats. Pages with names like ‘Beares SA Fans’ or ‘Best Home & Electric Fans’ closely mimic official brand pages. They reuse logos, product imagery, and campaign visuals to build immediate trust.

The most common hook is the fake giveaway.

In a typical case:

1. Users are asked to comment on a post to ‘enter’.
2. They are then privately messaged and instructed to share the post into 10–15 groups within minutes.
3. The promise of a prize is never fulfilled; the goal is engagement farming.

This tactic spreads rapidly, as it exploits excitement, urgency, and social proof. Even when these pages are removed, the same operators often recreate them under new names, repeating the cycle.

My thoughts: If a ‘giveaway’ requires rapid sharing into multiple groups to qualify, it isn’t a promotion, it’s a distribution strategy for a scam.

3. Your personal data is the real prize

Products are rarely the end goal. Your personal information is. Across numerous investigations, both scammers and non-compliant employees requested:

• Payslips.
• Bank statements.
• ID documents.
• Home and work addresses.

These requests almost always occurred on unsecured platforms such as WhatsApp, Facebook Messenger, or third-party survey links.

In one case, a customer was asked to submit ID documents and bank statements via WhatsApp to ‘apply for credit’. That data could easily be reused for identity theft, fraudulent credit applications, or sold on criminal marketplaces.

This behaviour not only exposes consumers to serious harm, but also violates data-protection regulations such as the POPI Act, which exists specifically to prevent personal information from being handled in this way.

My thoughts: Ravenwatch is well positioned to assist small, medium and large companies.

4. The scammer who asks for payment to a personal bank account

Examples include:

• Requests for EFT payments into personal Capitec or FNB accounts.
• Refusal to issue invoices until payment is made.
• Claims that personal payment is ‘faster’ or ‘discounted’.

Legitimate businesses do not accept payments into individual accounts. Yet this tactic is repeatedly used by scammers and, in some cases, employees acting outside policy. In one case, a scammer refused to provide an invoice until payment was received. In another, a confirmed employee shared personal banking details over WhatsApp to secure a sale.

Red flag:

Personal bank account = personal risk. Once money leaves official systems, consumer protection ends.

5. The dangerous grey area: When you can’t tell who’s real

The most sophisticated threat is not a single tactic, but a combination of them. Scammers and rogue employees increasingly create a grey area by mixing:

• Unauthorised social media activity.
• Legitimate brand assets.
• Real store contact points.

In one investigation, a Marketplace ad led a customer to WhatsApp, then to a fraudulent credit application before a call arrived from a real store landline to legitimise the process. In another, a confirmed employee collaborated with an external individual to route customers from unofficial ads into the store. This blending of real and fake makes verification extremely difficult for consumers.

Final thoughts and takeaways

Social media has become an informal storefront.

Facebook Marketplace, community groups, and DMs now sit alongside official e-commerce channels. But after reviewing over 100 real brand-protection investigations, one thing is clear: The biggest risk isn’t always scammers; it’s blurred boundaries.

What we’re seeing:

1. Real employees, wrong channels

Well-intentioned staff often post catalogues on personal profiles or move customers to WhatsApp to ‘help’. The moment this happens, official safeguards disappear. Customers assume legitimacy, but the process is no longer secure.

2. Fake ‘Fan Pages’ scale faster than ads

Cloned brand pages run fake giveaways to harvest engagement and data. Even when taken down, they reappear under new names. The goal isn’t the prize; it’s reach and trust.

3. Data is the real currency

Payslips, IDs, bank statements are routinely requested via WhatsApp or third-party forms. Once shared, that data is outside compliance, outside audit, and outside consumer protection.

4. Personal bank accounts = no protection

Whether it’s a scammer or a rogue employee, payment to a personal account is a hard stop. Legitimate businesses don’t operate this way.

5. The grey zone is the most dangerous

The most convincing fraud mixes unofficial activity with real brand assets: a store landline, a genuine logo, a familiar name. One legitimate touchpoint is often enough to disarm scepticism.

What businesses need to consider:

This isn’t just a fraud issue. It’s a governance issue.

Today, brand trust is shaped as much by internal behaviour as external threats. If customers can’t clearly tell where official engagement begins and ends, risk fills the gap.

Trust the process-not the DM. Contact Ravenwatch by Offernet for an obligation-free report on your brand for your SME.