2 min read

Phishing Emails Lure Black Friday Shoppers with Fake Best Buy, Kohl’s and Ace Hardware Gift Card Giveaways

Alina BÎZGĂ

November 24, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Phishing Emails Lure Black Friday Shoppers with Fake Best Buy, Kohl’s and Ace Hardware Gift Card Giveaways

How would you like a couple of hundred dollars worth of gift cards for this Black Friday shopping spree? Spammers clearly understand the practicality of gift card giveaways used to promote brand awareness and increase customer loyalty, especially during the peak shopping season.

This Black Friday is no exception. Fake customer surveys and giveaways are right now phishing for user data ahead of the busiest shopping day of the year.

Bitdefender Antispam Lab has caught three ongoing phishing campaigns impersonating popular store retailers in the US, including Best Buy, Kohl’s and ACE Hardware. The fraudulent emails bait recipients with a chance to get a $50 or $100 dollar gift card by taking short customer surveys.

Most scam emails target North American shoppers and originate from IP addresses in France, Thailand and the US.

Subject lines are as follows:

  • C0nfirmed: Y0ur HUNDRED D0llar Best--Buy—Reward
  • C0nfirmed: Your__$50__Ace__Hardware__Reward
  • C0nfirmed: Y0ur Hundred D0llar K0hls Reward

The Best Buy and Kohl’s phishing campaigns appear to come from the same gang, which only adjusted the email subject and body.

A separate scam offers shoppers the chance to receive a free 65-inch Samsung TV by participating in a Best Buy Loyalty Program. Although the subject line of the fraudulent emails says the prize is free, the promotional photo says otherwise – you pay $5.95 for shipping.

This scam is also localized, targeting shoppers in North America only. The scammers’ goal is to harvest credit card details from unsuspecting users attempting to pay the shipping fees.

Shoppers should keep an eye out for scams that can also be distributed via social media or text messages. If you get this email or similar correspondence, don’t click on any links or attempt to fill out the phony survey! Those who attempt to claim these enticing rewards are led to web pages not operated by the retailers. Recipients are then asked to provide personally identifiable information including their name, address, email address, phone number and date of birth – just enough information to help commit identity theft-related crimes.

For more tips and tricks on how to spot fake survey giveaways, check our dedicated guide.

Don’t let cyberthieves ruin this holiday season! Opt for a security solution to safeguard your devices and data from malicious attacks and all kinds of fraudulent websites. Experience the best-in-class protection for Windows, Mac, Android and iOS with our extended 90-day Bitdefender Total Security trial for free to ensure safe browsing and shopping experiences online.

Safe shopping everyone!

tags


Author



Right now

Top posts

What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

US State Department Offers $10 Million Bounty for Tips on Conti Ransomware Members US State Department Offers $10 Million Bounty for Tips on Conti Ransomware Members
Alina BÎZGĂ

August 12, 2022

2 min read
Years after claiming DogWalk wasn't a vulnerability, Microsoft confirms flaw is being exploited and issues patch Years after claiming DogWalk wasn't a vulnerability, Microsoft confirms flaw is being exploited and issues patch
Graham CLULEY

August 11, 2022

1 min read
Creative scammers send their senior victim an Uber to take her to the bank Creative scammers send their senior victim an Uber to take her to the bank
Alina BÎZGĂ

August 11, 2022

2 min read