Warning: Fast Food and Free Beer are Being Used to Phish You
Quick Answer
During the 2020 COVID-19 lockdowns, attackers ran two phishing campaigns built on pandemic-era lifestyle changes. The first impersonated fast food chains with fake coupon and delivery emails: clicking the link landed users on a credential-harvesting page that requested Google or social account login, and no food was ever delivered. The second was a WhatsApp scam offering free Heineken beer in exchange for completing a survey; Heineken publicly confirmed the campaign was unauthorized. Both relied on small-dollar lures attractive enough during lockdown to override skepticism, used legitimate-looking landing pages, and harvested credentials or personal data for resale. The pattern recurs in every disruption: attackers retarget high-engagement consumer themes within days of news cycles, so user awareness training has to refresh continuously rather than annually.
Hackers are always trying to come up with ever more enticing lures to phish you. Sometimes the lure is the promise of riches, while other times it’s a job opportunity or tax refund. Hackers may have outdone themselves this time with separate phishing attacks centered around fast food and free beer as a direct result of the COVID-19 pandemic.
From komando.com, “In light of the influx in deliveries and takeout orders, hackers and cybercriminals are now using fake coupons and delivery deals to trick people into sharing their personal data. If you get a special offer for your favorite fast-food joint, you might want to think twice before opening it. If you click the links contained in the emails, you’ll end up on a fake website that asks you to log in with personal information like a Google account. Once the form is filled out, the data will be stolen and saved to a server elsewhere. Oh, and to top it off, you don’t get any food deals either! It’s a lose/lose situation.”
So, you’ve been phished and you’re still hungry.
Not to be outdone, hackers have launched a “free beer phishing scam on WhatsApp amid [the] lockdown.”
According to Sirf News, “One such message that went viral on social media in different countries of the world claims that free beer of the Heineken brand is being distributed despite lockdown. This message claims if the user participates in a survey, he/she will get four beers for free from the company. Heineken says that the ‘free beer’ message on WhatsApp is a scam and that the company has made no such offer.”
So, you’ve been phished and you’re still thirsty.
All these phishing scams have one thing in common: just before you became a victim, you clicked on a link. The trick, of course, is to not click on the link, and one of the best ways to make sure that doesn’t happen is to keep phishing emails out of your inbox in the first place. If they’re not in your inbox, then there’s zero chance you get phished.
How do you keep phishing emails out of your inbox? That’s easy: use cloud-based phishing protection software like that available from DuoCircle.
Phishing Protection from DuoCircle sets up in 10 minutes, requires no hardware or software to buy, and costs only pennies per user per month. You should try it for free for 60 days, especially if you’re going to surf the web hungry.
General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.