Scam of the Week – Tesco Shoppers Targeted with Facebook Phishing Scam

Tesco shoppers are being warned to avoid a fake voucher scam that is currently circulating on Facebook.

The post promises shoppers a £40 voucher to spend in store if they fill in an online form and submit their personal details.

The scam appears entirely legitimate, and an image of the voucher is included within the post to entice the user to click on the link.

Upon clicking the link, the user is directed through to a fake survey page that asks them to complete a brief survey about Tesco. The page then pretends to analyse the entry before confirming if they have won a voucher.

Regardless of what information has been supplied, the victim will be told they have won the voucher, but in order to claim it they will need to share it on Facebook, add the comment ‘thanks’, and then like the associated Facebook page.

Image: Fake Tesco Facebook Post (Source: HoaxSlayer)

Even after submitting all this information, the user is told they must click on a link to verify their identity. This is just a cunning way to harvest the victim’s personal details, and more often than not, the information will be sold on to third-party companies and victims will be bombarded with yet more unsolicited emails, phone calls and text messages.

Tesco has confirmed the post is fraudulent and has nothing to do with the company: “We’ve picked up on some scams on Facebook where scammers are impersonating Tesco – these are fake and so do not click on them. We don’t have a separate ‘offers’ page. The fake voucher giveaway is just the bait used to trick people into engaging with the bogus page, and there are no real prizes up for grabs. Tesco only has one Facebook page: Any other page is not official and is potentially a scam.”

To avoid being scammed on Facebook, there are a number of precautionary measures you should take:

  • Never click on links requesting personal information – These links will nearly always be created to steal sensitive information or deliver malware. If you’re unsure whether the request is legitimate, go directly to the company’s official website to see if they are running any promotions.
  • Only enter personal information on a secure website – The URL on a secure site will always begin with ‘https’. The ‘s’ stands for secure and ensures that all communication between your browser and the website you are visiting is encrypted.
  • Look for the blue tick – If you’re on the Facebook page of a legitimate business, it should have a blue tick which means it’s a verified account.
  • Use unique login details for each account – It’s always best to use a unique username and password for each site so that in the unfortunate event of being phished, the fraudsters won’t have access to your other online accounts.
  • Install Anti-Virus Software – The installation of anti-virus software will help detect threats on your device and block unauthorised users from gaining access.
  • Use enhanced privacy settings – Regularly check and adjust your privacy settings to restrict what people can and can’t see on your profile.
  • Receive Phishing updates from Facebook’s security page – The Facebook security page will keep you up to date with any news or updates regarding recent phishing attacks. All you have to do is like the page and you will receive regular updates in your news feed.

Despite the increasing sophistication of phishing attacks, there are a number of ways you can protect yourself online. MetaPhish has been specifically designed to protect businesses from phishing and ransomware attacks and provides the first line of defence in combating cyber-crime. Get in touch for further information on how we can help your business.
