Scammers posing as Asda on Facebook are targeting 'women born in October' with a '£1,000 gift card offer' that tricks users into giving away their bank details.
Asda shoppers are warned to be wary of the sophisticated phishing scam, which was first identified by the UK litigation practice Griffin Law.
The fraudulent offer appears as a paid-for advert on the social media platform — one linked to a page titled 'ASDA Gifts' that is not associated with the supermarket chain.
According to Griffin Law investigators, around 100 users have already reported seeing the advert of Facebook. It is not known if anyone has fallen prey to the trap.
Scammers posing as Asda on Facebook are targeting 'women born in October' with a '£1,000 gift card offer' that tricks users into giving away their bank details. Pictured, the scam
The paid-for advert features an image of two women standing in front of a fully-loaded shopping trolley — however, closer inspection reveals that none of the branded goods in the picture are available in UK stores.
The text of the scam claims that it is 'giving away £1000 Asda Gift Cards across the country to raise brand awareness. Please complete a short survey below to figure out if you're eligible to get it.
'Act Fast! Only 949 Gift Cards left,' it continues.
The advert links to a fraudulent claim site — one sporting realistic-looking Asda branding — which prompts its victims to enter their name, home address, telephone number, full bank account details and 3-digit security number.
Manchester-based Twitter user @Djpaul67Uk flagged a screenshot of the advert on Facebook to the Asda Service Team.
'I can confirm this is not an advertisement from us, this looks to be a scam,' Asda staff member 'Lewis' tweeted in response.
The MailOnline has approached both Asda and Facebook for comment.
Manchester-based Twitter user @Djpaul67Uk flagged a screenshot of the advert on Facebook to the Asda Service Team. 'I can confirm this is not an advertisement from us, this looks to be a scam,' Asda staff member 'Lewis' tweeted in response
'With the majority of people still working from home or on furlough due to the COVID-19 crisis, we’re seeing a sharp rise in online scams offering everything from gift cards to discounts,' said Centrify cyber expert Andy Heather.
'These fraudulent posts are specifically designed to catch consumers off-guard, often making use of sponsored posts to fool unsuspecting victims into handing over personal information such as bank details.'
'Failure to identify and avoid these scams could cause a serious security headache for consumers, especially if they are using company-owned laptops and mobile devices and inadvertently putting their employer at risk of fraud.'
'All it takes is for a hacker to get hold of a username and password and within minutes they will be able to access email accounts and impersonate workers in an effort to commit widespread fraud,' he added.
'It’s vital companies invest in the latest cyber security systems to ensure fraudsters are locked out of the business at all times.'
PHISHING INVOLVES CYBER-CRIMINALS ATTEMPTING TO STEAL PERSONAL INFORMATION
Phishing involves cyber-criminals attempting to steal personal information such as online passwords, bank details or money from an unsuspecting victim.
Very often, the criminal will use an email, phone call or even a fake website pretending to be from a reputable company.
The criminals can use personal details to complete profiles on a victim which can be sold on the dark web.
Cyber criminals will use emails in an effort to elicit personal information from victims in order to commit fraud or infect the user's computer for nefarious purposes
Some phishing attempts involve criminals sending out infected files in emails in order to take control of a victim's computer.
Any from of social media or electronic communication can form part of a phishing attempt.
Action Fraud warn that you should never assume an incoming message is from a genuine company - especially if it asks for a payment or wants you to log on to an online account.
Banks and other financial institutions will never email looking for passwords or other sensitive information.
An effected spam filter should protect from most of the malicious messages, although the user should never call the number at the bottom of a suspicious email or follow their link.
Experts advise that customers should call the organisation directly to see if the attempted communication was genuine.
According to Action Fraud: 'Phishing emails encourage you to visit the bogus websites.
'They usually come with an important-sounding excuse for you to act on the email, such as telling you your bank details have been compromised, or claim they’re from a business or agency and you’re entitled to a refund, rebate, reward or discount.
'The email tells you to follow a link to enter crucial information such as login details, personal information, bank account details or anything else that can be used to defraud you.
'Alternatively, the phishing email may try to encourage you to download an attachment. The email claims it’s something useful, such as a coupon to be used for a discount, a form to fill in to claim a tax rebate, or a piece of software to add security to your phone or computer.
'In reality, it’s a virus that infects your phone or computer with malware, which is designed to steal any personal or banking details you’ve saved or hold your device to ransom to get you to pay a fee.'
Source: Action Fraud