Lidl, Carrefour … and now Mercadona. Juan Roig’s supermarket chain has become the new hackers target. Or rather, your customers. Cybercriminals are posing as this brand to perpetrate their bad practices. The method is diverse, but they always take advantage of the trust that these companies transmit to try to steal our data and, consequently, our money.
His latest attempt was discovered by one of his clients. Through Twitter he has brought to the attention of the company yet another case of identity theft. Specifically, it is an email in which a survey is sent that the victim should fill out in exchange for receiving free purchases. Trickster, right? But false. “Is this reward real?” Asked the user of the social network. To which Mercadona has responded that it was a hoax and that they were already working to put an end to it.
“We do not do promotions, raffles, or give away shopping vouchers: our brand is being used without authorization,” the company responded through its official profile. “We recommend that you do not provide any personal information or make any payment. We will continue working to prevent this type of fraud. Thanks for letting us know”.
We recommend that you do not provide any personal information or make any payment. We will continue working to prevent this type of fraud. Thanks for letting us know.
– Mercadona (@Mercadona) March 19, 2021
Another similar case has to do with fake coupons worth 500 euros. “Indeed, it is a fraud,” the supermarket confirmed on Twitter.
It is indeed a fraud. At Mercadona we do not carry out promotions or raffles. Our brand and image are being used without our authorization. We recommend that you do not share personal or bank information. Thanks for writing to us. All the best.
– Mercadona (@Mercadona) April 11, 2020
With the excuse of getting the odd prize, criminals try to cajole their targets and thus fulfill their mission: get our bank details. This practice is known as phishing and we can quickly identify it: the text usually contains misprints, syntactic inconsistencies, broken links, meaningless expressions … perhaps, not all at once, but at least some of them do.
A decisive element is to look at the address from which the email is sent. If it does not match the domain of the corresponding brand, everything seems to indicate that it is false. In addition, it must be borne in mind that companies will never request personal data so directly, since they already have them with your prior consent.