Coffee maker or smartphone for €1.95… Beware of scams on Facebook
The offer looks very attractive. Smartphone Samsung Galaxy S22 for 1.95 euros (compared to 699 euros online), DeLonghi coffee machine for the same price (not 300 euros). Or even a pallet of household appliances for just 2 euros. These offers use well-known brand names or platforms such as Lidl, Auchan or Amazon.
To justify such promotions, the arguments advanced on Facebook pages such as “Best deals” (sic) or “Electronic discounts” are similar: stock of products from the previous year must be sold.
The company “could throw them away”, but is hosting “charity events and giving away at a reduced price” phones, coffee makers and other home appliances, boasted the post. In support of the offer, enthusiastic comments from internet users claiming to have received the package in question, with photos as proof.
This is not the first time this type of phishing scam has appeared on Facebook, with the aim of encouraging the communication of personal and/or banking data. UFC Que Choisir is on alert for proceedings in 2015 or 2019, with a supposedly 1 euro Samsung smartphone or iPhone at stake.
“This is a classic technique that we see a lot, comments Jean-Jacques Latour, director of cybersecurity expertise at cybermalveillance.gouv.fr, a government website that does prevention on this issue. There are many fake contest game businesses in the United States. In France, this affected all brands, with fake vouchers also for all brands. »
Fake comments to give credit
Fraudsters also target according to current events: in 2022, when a liter of gasoline exceeds 2.20 euros, many fake scams “TotalEnergies 100 L of fuel for 2 euros” appear online. “Dozens of pages were created per day,” recalls Jean-Jacques Latour. There’s the Leroy-Merlin barbecue for Father’s Day or the Milka chocolate basket for Easter. “There are no estimates of the total amount cut in France,” he added. This is a phenomenon that is way under the radar. »
What should alert you if you are ever tempted to click on the offer? Web address first of all: not brand concerned or contains errors, copied website tabs (those from Lidl or Amazon here) lead nowhere, text combines sentences in English and French, with misspellings.
In an attempt to convince, the fake comments were attributed to the publication. “In these fake comments, people say:” I’m very happy, I took it right away, it’s for barge fishing, added the director of cybersecurity expertise at cybermalveillance.gouv.fr. But what we can also see is that you can’t leave a comment because it’s closed. »
We tried our luck…
We tested two offers (without providing our contact details): one for the De’Longhi coffee machine for 1.95 euros and an Amazon palette for 2 euros. They work by the same model: a Facebook link leads to a page with a brand’s visual identity (Lidl or Amazon), but with a completely different web address (ydlbr.info or juxugou.info). You are then asked to answer three questions to “confirm that you are a real person.”
The next phase is more fun: we are given three chances to open the prize pack and see if we can win the prize. As luck smiled at us, on the second attempt, we won an Amazon coffee machine and pallet. The third step is then triggered: you have to fill out a form with your contact details, then your bank details on the new site.
“Hidden subscription phenomenon”
And this is where phishing happens, by providing your personal data (name, address, phone number) and your bank details you allow withdrawal of regular amount from your account. Terms and conditions are detailed in a small line at the top or bottom of the page. It informs you about the reality of payments. It is a matter of subscribing to the loyalty club “service”, the offer of which is very vague.
“It’s a phenomenon called hidden subscriptions, explains Jean-Jacques Latour. That is, you accept without knowing it, because the terms are written so small and barely legible, for a subscription to an obscure service that will cost you around forty euros per month and which you will be very hard to lose. »
After a trial period of several days, “an amount is debited” from your credit card, whether it is shown on the fake Delonghi website, which has become payment, club-gagnant.online. For the bogus Amazon offering, namely to provide access to home appliances that are ultimately “unclaimed at the post office”, the terms indicate that “use of the brand does not imply any affiliation or endorsement on their part”. At the time of payment comes a new domain name: dreamwardrobe.online. Here, too, it is a question of subscribing to the “Dream Wardrobe” service, domiciled in Cyprus. The contribution amount is 44 euros, debited every 14 days.
Cyprus, a country popular with cybercriminals
Do we accept the so-called winning products? Probably not, because the terms displayed on the payout page have changed and resulted in a contest or raffle every 600 participants. Moreover, the location in Cyprus has nothing to do with chance. “Very often, cybercriminals will find their activities, their companies in countries where there is no extradition, no judicial cooperation, and Cyprus is an example of this”, emphasized Jean-Jacques Latour.
The director of cybersecurity expertise recommends first checking the official websites of major brands for promotions and, if so, reporting fake offers on social networks or on the Pharos online platform. You should also check your credit card statement to record fraudulent charges. If so, you can oppose direct debit and, if a bank card number has been provided, you must also oppose the bank card, as it can be reused. And finally, he recommends filing a complaint with the police station or gendarmerie brigade.