A coffee maker or a smartphone at €1.95… Beware of scams on Facebook

The offers look very attractive: a Samsung Galaxy S22 smartphone at 1.95 euros (compared with 699 euros online), or a De’Longhi coffee machine at the same price (instead of 300 euros). Or even pallets of household appliances for only 2 euros. These offers use the names of well-known brands or platforms such as Lidl, Auchan or Amazon.

Screenshot of Facebook page offering fake promotions. – Screenshot/Facebook

To justify such promotions, the arguments put forward on Facebook pages such as “Best offers” (sic) or “Discounted electronics” are similar: stocks of products from the previous year must be sold off.

The company “can throw them away”, but instead organizes “a charity event and gives away at a reduced price” the telephones, coffee makers and other household appliances, the posts boast. To support the offer, enthusiastic comments from Internet users claim to have received the package in question, with a photo as proof.

FAKE OFF

This is not the first time that this type of phishing scam has appeared on Facebook, with the aim of getting people to hand over personal and/or banking data. UFC-Que Choisir warned about the scheme in 2015 or 2019, with so-called Samsung smartphones or iPhones at 1 euro.

“It’s a classic technique that we see regularly,” comments Jean-Jacques Latour, director of cybersecurity expertise at cybermalveillance.gouv.fr, a government site that does prevention on the subject. “This business of fake contest games exists a lot in the United States. In France, this affects all brands, with also fake vouchers for all brands.”

Fake comments to lend credibility

Scammers also tailor their lures to current events: in 2022, when a liter of gasoline exceeded 2.20 euros, many fake “TotalEnergies 100 L fuel vouchers for 2 euros” scams appeared online. “Dozens of pages were being created per day,” recalls Jean-Jacques Latour. There are also variants with Leroy-Merlin barbecues for Father’s Day or Milka chocolate baskets at Easter. “There is no estimate of the total amounts deducted in France,” he adds. “It is a phenomenon that passes much under the radar.”

What should alert you if you are ever tempted to click on the offer? First of all, the web address: it is not that of the brand concerned, or it contains errors. The tabs of the copied websites (those of Lidl or Amazon here) lead nowhere, and the texts mix sentences in English and French, with spelling mistakes.

In an attempt to convince, false comments are associated with the publications. “In these false comments, people say: ‘I’m so happy, I received it right away.’ It’s to lure in the customer,” adds the director of cybersecurity expertise at cybermalveillance.gouv.fr. “But what we can also see is that you cannot leave comments because they have been closed.”

We tried our luck…

We tested two offers (without giving our contact details): the one for the De’Longhi coffee machine at 1.95 euros and the Amazon pallet at 2 euros. They work on the same model: the Facebook link leads to a page with the visual identity of the brand (Lidl or Amazon), but with a completely different web address (ydlbr.info or juxugou.info). You are then asked to answer three questions to “confirm that you are indeed a real person”.

The next phase is more playful: we are given three attempts to open a gift package and see if we can win the prize. As luck smiles on us, on the second attempt, we win the coffee machine and the Amazon pallet. The third step is then triggered: you have to fill out a form with your contact details, then your bank details on a new site.

Screenshot of the site featuring Lidl’s visuals (top left and right), with an address oflonghilidl.looktraffic.com (which is not the brand’s address) and claiming we won a coffee machine. – Screenshot

“The phenomenon of hidden subscriptions”

And this is where the phishing takes place: by providing your personal data (name, address, telephone number) and your bank details, you authorize the regular withdrawal of sums from your account. The terms and conditions are detailed in small print at the top or bottom of the page, and they reveal the reality of the payments: you are subscribing to a loyalty club “service” whose offer is very vague.

The link concerning the Amazon pallet leads to a dreamwardrobe.online page, where the personal data, then the bank data, are requested. At the top, in very small print, the conditions specify that the Internet user subscribes to a service whose contribution costs 44 euros and is collected every 14 days. – Screenshot

“It’s a phenomenon called hidden subscriptions,” explains Jean-Jacques Latour. “That is to say that you accept without knowing it, because the conditions are written in very small and almost illegible form, to be subscribed to an obscure service which will cost you around forty euros per month and which you will have great difficulty getting rid of.”

After a trial period of a few days, “an amount is debited” from your credit card, it is indicated on the fake De’Longhi site, which, at the payment stage, has become club-gagnant.online. For the bogus Amazon offer, which is supposed to provide access to home appliances ultimately “unclaimed at the post office”, the terms point out that “use of the marks does not imply any affiliation or endorsement on their part”. At the time of payment a new domain name appears: dreamwardrobe.online. Here too, it is a question of subscribing to a “Dreamwardrobe” service, domiciled in Cyprus. The amount of the contribution is 44 euros, debited every 14 days.

Cyprus, a country popular with cybercriminals

Do we receive the so-called won product? Probably not, because the conditions displayed on the payment page have changed and mention a contest or a draw for every 600 participants. Moreover, the location in Cyprus owes nothing to chance. “Very often, cybercriminals will locate their activity, their company in countries where there is no extradition, no judicial cooperation, and Cyprus is an example of this,” emphasizes Jean-Jacques Latour.

The director of cybersecurity expertise recommends first and foremost checking on the official website of the big brand whether there is a promotion and, if so, reporting the false offer on social networks or on the online platform Pharos. You should also check your credit card statements for any fraudulent charges. If you find any, you can block the direct debit and, if the bank card number has been given, you must also cancel the bank card, because it can be reused. And finally, he recommends lodging a complaint at the police station or the gendarmerie brigade.
