UK consumers were targeted by a new phishing scam falsely purporting to be from leading UK supermarket Tesco, litigation firm Griffin Law has discovered.
The scam, which used a fake Facebook page as well as SMS and email communication, aimed to trick consumers into handing over their details and steal confidential and payment data.
The fraud began via an official-looking but fake Facebook page entitled ‘Tesco UK’ which shared images purporting to be from a Tesco warehouse, displaying packed boxes of HD TVs.
According to Griffin Law, the accompanying message said: “We have around 500 TVs in our warehouse that are about to be binned as they have slight damage and can’t be sold. However, all of them are in fully working condition, we thought instead of binning them we’d give them away free to 500 people who have shared and commented on this post by July 18.”
Unsuspecting users who then enthusiastically shared the post helped it to spread before receiving an email offering them the chance to ‘claim their prize.’ A button in the message linked victims to a landing page to enter their name, home address, telephone number and bank account details.
Griffin Law stated that at least 100 consumers have reacted to the Facebook page or received an email. The original fake Tesco Facebook page is now listed as ‘content unavailable.’
Tim Sadler, CEO, Tessian, said: “As the lines between people in our ‘known’ network and our ‘unknown’ networks blur on social media feeds and in our inboxes, it becomes incredibly difficult to know who you can and can’t trust. Hackers prey on this, impersonating a trusted brand or person to convince you into complying with their malicious request and they will also prey on people’s vulnerabilities.
“They know people are struggling financially during this [COVID-19] pandemic, so the offer of a free TV could be very attractive. However, as the saying goes, if it looks too good to be true…it probably is! Question the legitimacy of these messages and always verify the request or offer before clicking on the link.”
Source: Infosecurity Magazine