Fake gift cards campaign targeting Europe

Posted by & filed under Security Alerts.

Following the governmental measures of limiting unnecessary public movements due to COVID-19, a number of European and non-European countries reported a lot of cyber incidents.


A high number of attacks are regarding malicious phishing campaigns offering prizes in the form of well-established brand gift cards.

These attacks have been reported in Romania, Germany, France, Sweden & Greece.

In the following table you can find the brands used for the phishing scam attempts:

Company Prize
lidl ireland giftcard
aldi fr/eng giftcard
argos giftcard
asda giftcard
lidl giftcard
caltex giftcard
canon giftcard
dan murphy’s giftcard
edeka-gr giftcard
kitchenaid win nespresso set
luxair giftcard
morrinsons giftcard
profi giftcard
ryanair giftcard
tesco giftcard
woolworths giftcard
zara giftcard


Scam Methodology:


As with previous scam/phishing incidents, potential victims are served a short questionnaire with general questions about their shopping preferences. After answering the questions, users are redirected to a page where they can choose from multiple options their prize. The goal is to redirect the user to a malicous website and trick him/her in subscribing in a paid service before they can receive their prize.


Steps to have in mind:

  1. Browse only secure websites where you can see the protocol https:// used at the beginning of the link  – further information https://csirt.cy/https-explained/
  2. Always check the validity of the certificate of each website – further information https://csirt.cy/viewsslcertificates/
  3. Pay close attention to the content of the website, spelling and grammar mistakes often point to a phishing website.