“Free easter chocolate basket” is a social media scam after your personal details

Holidays inspire fraudsters and scammers to create timely and effective ways to string people along and get them to give up either their money or their personal information. This is the case in this chocolate-themed scam.

Cadbury UK has issued a warning to its 315,000 followers on Twitter about a scam making the rounds on WhatsApp and other social media sites like Facebook.

We’ve been made aware of circulating posts on social media claiming to offer consumers a free Easter Chocolate basket. We can confirm this hasn't been generated by us & we urge consumers not to interact. Your security is our priority & we’re currently working to resolve this.

— Cadbury UK (@CadburyUK) March 31, 2022

Users of WhatsApp have reported receiving links to a web page where they can claim a “free Cadbury easter chocolate basket.”

When they open the link, users are presented with a short list of questions to answer—purportedly as part of an “Easter Egg Hunt”—before they are prompted to enter their personal details.

The Dorset Police Cyber Crime Unit posted an appeal about this scam to its Facebook page.

“DON’T CLICK THE LINK.” the post reads, the text bookended with the warning sign emoji. “Our Cyber Protect Officer has done it for you.”

An overview of what the scam looks like.
(Source: The Dorset Police Cyber Crime Unit Facebook page.)

The post continues with how the scam works:

“The site looks fairly convincing, however the only buttons that actually work are the ones to answer the questions. The search icon and the three little lines do nothing at all.

Once you answer those question [sic], you’re taken to a little game where you have to ‘find your prize’. Conveniently, your first and second tries won’t be successful, but you’ll ‘win’ on your third go! At that point, to claim your “prize”, you’ll be asked to hand over all sorts of personal information. That’s where the scam comes in!”

Looking at the shortened URL link (“tinyurl2.ru“) used in this campaign and how this scam campaign itself was formatted, it resembles the Amazon International Women’s Day 2022 Giveaway scam that is said to have gone viral in February.

It’s highly likely that scam links similar to these two can only be accessed via mobile devices.

This isn’t the first time Cadbury’s name has been dragged into a scam campaign. On December 2021, a Facebook scam about Cadbury reportedly giving away hampers of chocolate for Christmas did the rounds.

How to avoid falling for a scam like this

Warn your less security-savvy friends and family: When it comes to giveaways, think twice before clicking or sharing with friends, family, and social contacts. Scammers have always been on the prowl and do not rest until they get what they want. They are patient and have only got better at attempting to social engineer anyone who has a soft spot for anything—dogs, cats, commemorations, pizza, and, as we’ve just seen, chocolates.

Err on the side of caution. If you see a giveaway post in your feed, visit the official website of this brand to see if it’s genuine. Or, if they have a social media presence, which they usually do, ask on Twitter or Facebook. Send screenshots if you can.

It’s always a good idea to verify. But it’s not a good idea to click links thoughtlessly, and give your details away for delicious, delicious chocolate you can just buy from the shops.

Stay safe!

The post “Free easter chocolate basket” is a social media scam after your personal details appeared first on Malwarebytes Labs.

Article Link: "Free easter chocolate basket" is a social media scam after your personal details