Secret Sister

Secret Sister scam returns in time for Christmas

The festive season may be imminent, but it’s a Facebook Secret Sister (not Santa) you have to steer clear of. Secret Sister has been a mainstay of Yuletide scams since at least 2015, and has come back around once more. But what is it?

Your office probably has a Secret Santa scheme in place. You draw names from a hat, and you secretly buy the named person a gift. It’s all pretty straightforward, and a great source of unwanted deodorants and novelty kitchenware. Secret Sister isn’t quite as nice, and could drop you in a great deal of trouble. You probably won’t even get your hands on the deodorant.

How the scam works

Usually, chain letters of the Secret Sister variety are jammed through your front door. In this case, the chain letter lands in your digital mailbox as opposed to your real one. You could in theory receive one of these anywhere, and people have reported receiving them everywhere from Reddit and Facebook to various social portals and forums. For whatever reason, Facebook seems to be the scammer’s favourite place to get the ball rolling on this particular scam. The possibility of being able to send it pinging around large social connection chains is too good to resist.

Secret Sister sample 

The messages can vary wildly, but one of the most popular ones going back a year or so reads as follows:

Anyone interested in a Holiday Gift exchange? I don’t care where you live – you are welcome to join. I need 6 (or more) ladies of any age to participate in a secret sister gift exchange. You only have to buy ONE gift valued at $10 or more and send it to one secret sister and you will receive 6-36 in return!

Let me know if you are interested and I will send you the information!

Please don’t ask to participate if you are not willing to spend the $10.

TIS THE SEASON! and its getting closer. COMMENT if You’re IN and I will send you a private message. Please don’t comment if you are not interested and aren’t willing to send the gift!

It might sound promising to many people reading it, but it really won’t do you much good.

From chains to pyramids

Chain letters are essentially pyramid schemes. Pyramid schemes involve funneling money from bottom to top of the pyramid, benefiting those at the top and not many others. If you’re there from the get-go, your chances of making a good return increase somewhat. For everyone else, you’re probably going to lose out.

Where this becomes complicated is that, in the US, these schemes tend to resemble gambling. This means you could easily end up breaking the law. From the US Postal Inspectors website:

They’re illegal if they request money or other items of value and promise a substantial return to the participants. Chain letters are a form of gambling, and sending them through the mail (or delivering them in person or by computer, but mailing money to participate) violates Title 18, United States Code, Section 1302, the Postal Lottery Statute

Secret Sister data harvesting

You definitely won’t receive a pile of free gifts. However, you could be dragged into some sort of dubious postal scam with mail fraud penalties instead. There’s also the risk of identity theft to consider. Mail fraud scammers typically ask for various pieces of personal information. You could end up handing them your name, address, phone number, alongside a variety of online profiles to tie them to. This could be all an enterprising criminal needs to do some additional damage, especially if they persist in branching out from your profile to those of your friends.

No matter how appealing the prospect of easy free gifts sounds as 2018 slowly draws to a close, don’t fall for it. These types of antics have been around for a long time, and moving into the digital realm doesn’t make them any safer. If you’re not based in the US, you may not have the legal worry to deal with as a result, but that’s scant consolation.

Our advice is to stick to Secret Santa, and give his sister nothing more than a Return to Sender.


Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.