Nescafé coffee lovers are the latest to be targeted with a phishing scam designed to steal their personal details and infect their device with malware.
The scam is circulating widely on social media, and users have reported receiving a message saying: “Nescafe offers free coffee machine and 3 coffee packs. Complete this mini survey and win a Nescafe Coffee machine”.
To entice users to click on the link, the post includes an image of a coffee machine and lists the number of coffee machines left available in the promotion.
Image: Fake Nescafé Phishing post
Before proceeding to the survey, the user is prompted to click the ‘Yes’ button, after which they are redirected to another page that asks them to download a PDF.
This is just a cunning way to trick the user into downloading malware onto their device. Once the malware is installed, attackers can use it to spy on the user’s online activities, steal personal and financial information or use the device to hack other systems.
Nescafé is not running a promotion like the one used in the scam and the company confirmed the posts are fake in a recent statement: “Nescafé Dolce Gusto is in no way associated or affiliated with the promotion. We therefore urge all our consumers to be vigilant and exercise caution when it relates to sharing any personal information online.”
Social media phishing, primarily on Facebook and Instagram, saw a 74.7 percent increase in the first quarter of 2019. This rise can be attributed to a more trusting online environment where users are less suspicious about links in social posts than they would be on other platforms.
Fraudsters have taken full advantage of this lack of cyber security awareness to launch a range of scams that aim to harvest user details, fill pages with spam or deliver malware.
To avoid being scammed on social media, there are a number of steps you should take:
- Never click on links or download attachments from unknown sources. These links will nearly always be created to steal sensitive information or deliver malware. If you’re unsure if the request is legitimate or not, go directly to the company’s official website to see if they are running any promotions.
- If you’re on the Facebook page of a legitimate business, it should have a blue tick, which means it’s a verified account.
- Look closely at the spelling of the web address and check for any minor inconsistencies that may indicate a phishing website.
- Be wary of offers that seem too good to be true. Criminals will use these offers as bait to get you to click on a malicious link.
- Install anti-virus software on your device to detect threats and block unauthorised users from gaining access.
- Back up data on a regular basis. In the event your device is infected with malware, you will be able to retrieve all your valuable data and files.
- All competitions in the UK must have terms & conditions, and they must be easily accessible to all entrants. If there are no T&Cs, suspicions should be raised.
Phishing is the number one cause of all cyber attacks and continues to prove one of the easiest ways to steal valuable data and deliver malware. MetaPhish has been created to provide a powerful defence against these threats and enables organisations to find out just how susceptible their company is to phishing. Get in touch for further information on how we can protect your business.