A scam involving a fake Father’s Day promotion is circulating on WhatsApp. The offer misuses the Leroy Merlin name to attract victims with an alleged gas barbecue draw. The links shared in the messenger are actually used to steal victims’ personal data and generate profit for criminals. According to the dfndr lab, PSafe’s digital security laboratory, 157,000 people were affected by the malicious links.
The scam happens when the victim receives a malicious link that promises a gas barbecue for Father’s Day gifts for those who register for the promotion. The link directs the person to a fake page, which uses Leroy Merlin’s marks and asks the user to answer random questions. In this case, criminals profit from viewing advertisements and use the victims as vectors for spreading the coup.
Another false Father’s Day promotion was identified by the laboratory involving the misuse of the Lojas Americanas brand and the Ame Digital payment service. 137 fake profiles were found on Facebook trying to impersonate the retail chain, in order to steal victims’ bank details.
The fraud uses the Lojas Americanas brand and the actor Babu Santana, poster boy for a real action by the chain. The strategy is used to give credibility to the hoax and to deceive people more easily. In this scam, the links take the victims to fake websites with products much cheaper than the traditional price.
When making a purchase on the fake page, the victim is directed to an official store link. At this time, credit card data is sent to criminals, who can clone the card and make improper financial transactions. These data can also be used for the practice of other crimes, such as opening accounts, requesting loans and subscribing to subscription services for various services.
According to Emilio Simoni, director of the dfndr lab, scams like this are already expected on holiday dates: “It is common behavior for cybercriminals to take advantage of events and holiday dates to launch scams like this”. How to protect yourself
Be aware of very advantageous promotions or with superlative discounts on social networks. Generally, companies do not present customers through WhatsApp, nor do they disseminate these offers through the messenger. To ensure that you are facing an official promotion, first check the information on the official websites of the companies.
Another tip is to use a good antivirus on your phone so that it signals when you access a potentially malicious page. In addition, never provide personal or bank details on any suspicious pages on the Internet. Only shop on verified websites with an active security system.