We often see unethical techniques being used to obtain bank details. One of the most typical in recent years consists of attracting potential victims with appealing prizes that are supposedly awarded after completing a simple survey. The cybersecurity company ESET has recently detected this happening again, with large companies such as Amazon and Vodafone as the main protagonists.
In these campaigns, cybercriminals pose as companies to try to deceive users with some incredible prize or offer. To do this, they use email. According to the security firm, in the case of Amazon, the malicious message mentions LinkedIn.
The email includes a link. If the user clicks on it, they are redirected to a page that pretends to be the official Amazon page and tells them they have won an iPhone 13. To get it, they must fill out a survey.
“It is very likely that the people in charge of this email campaign are running it in several countries at the same time and that they are not bothering to change the templates used in the email. What we do observe is that, by clicking on the link provided, we are redirected to a website prepared for Spanish-speaking users, since it is not only translated into Spanish, but also includes comments in this language from alleged previous winners,” ESET points out in a statement sent to ABC.
In the survey, cybercriminals request information of all kinds, such as age, gender or shopping habits. After this, we are presented with a small game in which we must open gift boxes to find the prize inside.
At this point, everything is set up so that the user always guesses right, and the next screen indicates that we have been awarded nothing less than an iPhone 13 Pro. This is a gift valuable enough for many users to consider following the instructions and paying the small amount that is requested to receive it. “This small amount is bait for the user to fall into the trap and provide personal and credit card information,” ESET points out.
This is how the Vodafone scam works
In the case of Vodafone, the scam also starts via email, although in this case, instead of LinkedIn, the criminals impersonate the American retail chain Home Depot. “The use of this email template, with a company without a presence in Spanish territory, once again indicates that those responsible for these campaigns are indiscriminately sending this type of email without taking into account the location of the recipient, trusting that the redirection to the web adapted for each country is convincing enough,” the cybersecurity company explains.
If a user located in Spain clicks on the link provided in the email, they are redirected to a website that impersonates the telecommunications company Vodafone. This website also mentions the possibility of winning a prize just by filling out a survey, and includes comments in Spanish from other supposed winners.
The survey is very similar to the Amazon one. It differs in that, in this case, instead of offering us an iPhone 13 Pro directly, we are left to choose between an older version of this device and other technology products of considerable price. It is possible that in this case an older template is being used, although, in the end, it is just as effective. Be that as it may, the goal is the same: to trick the internet user into revealing their bank information.
“More specifically, information related to payment methods such as your credit cards. That is why the baits used are so attractive, which makes not a few users believe that they have been graced with a high-end phone so easily and in exchange for only paying a small amount for shipping costs,” says ESET.
How to avoid it
To avoid falling for scams of this type, all cybersecurity experts recommend systematically distrusting any email that tries to tempt the user with an offer that is out of the ordinary, regardless of whether, in principle, it comes from a well-known company. The ideal in this case is to contact the firm that is supposedly behind it through a different channel, never responding directly to the message.