Yet another online scam in Italy, once again based on an email from phishing which exploits the name and fame of a major supermarket chain (totally unrelated to the facts). We are talking about the latest scam “Esselunga Surprise” and the surprise, if you are not very careful, is to find the empty bank account.
The mechanism of the scam is the now well-established one of survey: if the user answers ten questions, then he receives a high-value gift from the company. In this case, the gift would be a set of airtight containers 36-piece kitchen set, worth 399 euro. Clearly, however, none of this is true.
The Esselunga Surprise Scam
The scam Esselunga Surprise It starts with a phishing email which does not contain text but only an image with a link. The address of origin, however, has nothing to do with Esselunga, but is that of an unwitting Gmail user whose account has evidently been hacked.
This detail on the one hand would already allow the email to be archived as fraudbut on the other hand it deceives the anti phishing system mailboxes and allows the message to reach its destination without being blocked first.
If the user receiving the email clicks on the image, which invites them to fill out a 2-minute survey to win a 36-piece Tupperware set, they are then taken to a site created specifically to scam him.
Again, thewebsite address has nothing to do with the real Esselunga one. The content, however, perfectly imitates the logos and brand colors Italian and contains the usual message to hurry up the less attentive and less cautious user: “Attention! This survey offer expires today“.
The actual survey is made up of a dozen questions all in all credible, like “How often do you shop at Esselunga?” o “How would you rate the variety of brands present in Esselunga?“. Some of the questions contain typos, such as “Esselungas“, or sentences written in not perfect Italiana sign of automatic translation from other languages.
After the tenth question the site pretends to check the answers and then shows the screen with the prize and, immediately after, some comments written by fake profiles. Some of the comments, which are of course all in favor of the scam initiative, contain photos of the container set.
At this point, however, the real scam occurs because in order to receive the free set, with the declared cost of 399,99 euro (and it’s a credible price, for that brand), you have to pay 2 euros shipping costs.
To make this phase more credible, however, the scammers have chosen not to immediately ask for payment card details: first the victim-user will have to enter the shipping address, name, surname, telephone number. All data that cybercriminals will then use to send more spam e other scam attempts.
Once this is done, the really dangerous screenthat is, the one where you have to enter your card details to pay the alleged 2 euros for shipping: card number, expiry date and, above all, CVV.
Once you have entered this data, the paper is in the hands of cybercriminals who, within a short time, will start using it to make online purchases as long as there is money on the card (or in the account linked to it).
How to protect yourself from online scams
Needless to say, Esselunga is completely unrelated to this scam, as well as to all other similar scams that, over the years, have tried to exploit its name. However, since the graphics and logos of the supermarket chain are very well imitated by scammers, the user can fall for it if he’s not very careful.
For this reason the company has put a page online where it explains How to recognize Esselunga-themed frauds and the first suggestion that is given is to check the address of the site you end up on after clicking on the initial message. These, for example, are safe addresses:
www.esselunga.it
www.esselunga.it/approfondimento/frodi-online.html
While these, on the contrary, are certainly fake sites:
[email protected]/KKPoBVBD7?/buonoregalo.html
www.esselunga-italia.it/KKPoBVBD7?/buonigratis.html
[email protected]/IT-it/tupperware.html
The same goes for the address from which the email comes, while it is more difficult to check the origin in case of message on social media or via messaging apps like WhatsApp.
To these suggestions, we always add our own: nobody gives anything awayalso to avoid the risk of making a assist scammers making these initiatives credible.
