The wave of the anniversary of the period, Mother’s Day, is exploited to propose a competition with prizes, with the Nespresso brand, which would be giving away coffee machines such as the Nespresso Vertuo. This is obviously a scam, let’s see how it works and where our data ends up.
Phishing themed “Mother’s Day” on the Nespresso brand
The format is always the same, classic phishing screen that incorporates Nespresso graphics and colors, administering a quiz with the promise of being able to participate and win a prize contest. But in reality nothing is won, quite the contrary you simply lose your personal data and some credit card charges.
May 17, 2022 – 12:00
WEBINAR – IT channel: how to increase password-free security for customers
It all starts with a link from Whatsapp, from a person known to us because he is present in our address book, we will soon understand why. The link, to which we recommend not even making the initial click, has the form of the type: “https[:]//wp20.ru/r956761999/ ”, registered on January 30, 202, with HTTPS (SSL) certificate signed on April 3 and valid for three months, located in the United States under CloudFlare.
In any case, the address of the link can also be different from the one reported in the article, but you can take as a point of attention at least the form, decidedly suspicious and not known to the point of entrusting our data.
The page reads:
“Hello, Welcome to the Nespresso Sweepstakes for Mother’s Day.
Take the short quiz, find the hidden prize and win a Nespresso Vertuo coffee machine. “
After the phases of filling out the quiz and playing in search of the prize (you always lose on the first shot, a second attempt is granted and it will always be the winning one), you are asked to share with an interesting number of people, via Whatsapp the same link. Hence the chain that spreads to all people we trust, exactly like us who in turn received it from well-known people. It is the very concept of a chain, which ensures its rapid diffusion and low doubts, in the meantime the malicious link turns and reaches more and more people, the large numbers help to consolidate some victims.
Nespresso sweepstakes, steal our data
We have therefore seen that the quiz mechanism will lead us to a sure victory. Well, now what is to be done about the prize? Remembering that the prize is non-existent and that the whole structure is designed solely to set up a typical phishing fraud, let’s see what will happen to our “winnings”.
After having ascertained our hypothetical victory and shared the malicious link with X people and Whatsapp groups, we will be offered a form to fill out online, with all our personal data (in some cases, depending on the redirect, the number is also requested credit card for the credit of an elusive “Shopping Voucher”). In the case analyzed in the editorial office, we were directed to fill in a form hosted on an Italian web page, also showing a VAT number (06723050966), such as “La Fabbrica dei Premi”, a product that can be linked to the company Adsalsa Italia Publicidad Sucursal based in Alcoy (Spain) and Bresso (MI).
So what about our data?
The form proposed on the site of “lafabbricadeipremi.com” requires all personal data, including telephone number, residential addresses and email. The site will collect them and make use of them for commercial purposes and certainly not known to the user.
This website, with this VAT number, seems to be a resurrection of old acquaintances. In fact, since 2017 there has already been an injunction order against Adsalsa Italia Publicidad Sucursal promoted by the Italian Data Protection Authority, filed under the number 6689610.
Therefore, we know the historicity of the VAT number used by La Fabbrica dei Premi by means of this document, the fundamental point of which is summarized in the following lines:
“After having collected the personal data of the whistleblower through a form on its website www.adsalsaitalybranch.com for the execution of an online prize competition called” Win a 500 “, has disclosed the same data to eight third-party companies for their marketing purposes“.
The affair was filed with an administrative sanction against the owners for € 20,000, as reported in the GPDP document.
We have therefore understood what our data is going around, after a simple compilation of online forms, archived and then resold, without us being able to keep control of them anymore, for purely commercial purposes. Every opportunity is now being taken advantage of with these simple phishing portals, as we have seen for Easter with the Ferrero egg and the waves will continue, the only weapon at our disposal is to always be wary of Internet addresses unknown to us, not directly linked to the brand we are talking about, ignore the requested shares. Without our shares the chain is broken and the scam dies in the bud.
We remind you that if you receive a suspicious email and would like to report it to the editorial office, you can take screenshots with evidence of the sender and send it to: email@example.com.
@ALL RIGHTS RESERVED
We would love to give thanks to the writer of this short article for this outstanding material
“Nespresso Sweepstakes for Mother’s Day”, a scam via Whatsapp – Cyber Security 360
We have our social media pages here and other related pages herehttps://prress.com/related-pages/