With more than a 25% market share, Mercadona is the main supermarket chain in Spain. For this reason, there are many hackers who impersonate their image to steal the personal and banking data of their victims. On this occasion, Mercadona has warned of a scam in his name. To trick their victims, the hackers impersonate the chain and send an email about an alleged delivery of a €500 gift card.
Falling into the trap is relatively easy, since in the email hackers use Mercadona’s logo and corporate colors. In reality, it is a phishing campaign that can have different objectives. On the one hand, request the personal or bank details of their victims. And on the other hand, clicking on a link, which downloads malicious software to the device that steals sensitive information, such as access credentials to social networks or online banking, for example.
Mercadona, through its official twitter account has warned of the scam: “If you have received this message, do not click and delete it, they just want to take advantage of your data. At Mercadona we do not deliver gift cards. Be careful, don’t fall into the trap!”.
In the email that the hackers send to their victims, they inform that the person has been chosen for participate in a so-called loyalty program. As usual in this type of scam, there is a link attached to the message to confirm entry to the loyalty program.
The hook is the least attractive: “It will only take you a minute to receive this fantastic prize… €500 Mercadona Gift Card”. But what happens when users click on the link? They are redirected to a website very similar to Mercadona, in which they must enter their personal and bank details. When they do, hackers get hold of them.
⚠️ If you have received this message, #Don’tPiques 🎣 and delete it 🗑️, they just want to take advantage of your data. At Mercadona we do NOT deliver gift cards. 🚫 Be careful, don’t fall into the trap! pic.twitter.com/FCA7KWH5Lx
— Mercadona (@Mercadona) September 15, 2022
Beware of phishing campaigns!
The phishing campaigns they are the order of the day, so it is important to take special care with them. Hackers, through email or via SMS, impersonate the identity of all kinds of companies or official bodies.
Just a few months ago, many people had their personal and banking details stolen with the “DGT unpaid fine” scam. The hackers sent an email warning of a supposed traffic ticket and attached a link to make the payment. When users entered credit card details, they were done with it.
