Delete
National institute of cybersecurity warns of scam using expensive Leroy Merlin gift as bait
Scam alert

National institute of cybersecurity warns of scam using expensive Leroy Merlin gift as bait

Cybercriminals seek to obtain victims' bank details with new phishing scam, a message claiming to be from the popular chain of DIY stores

Raquel Merino

Málaga

Friday, 13 December 2024, 12:01

If you receive an email apparently from Leroy Merlin asking you to answer a survey and in return you will get a free set of tools from the prestigious brand Dexter, you may fall for the bait and become a victim of a scam. The national institute of cybersecurity (Incibe) has warned of a new case of phishing, which uses the chain of shops specialising in DIY, construction, decoration and gardening as bait.

The subject of the messages may vary, although the aim is to capture the recipient's interest: "We have a surprise for Leroy Merlin customers. Complete our Leroy Merlin survey and unlock a Dexter tool set. Take our Leroy Merlin survey today!"

However, the sender has nothing to do with Leroy Merlin or its website, as it is XXX@denant.elecommunals.com.

As for the body of the message, it includes an image that offers the opportunity to get the toolkit for free and a link to complete a survey. This link leads to a page that pretends to be the official Leroy Merlin page by using its logo, corporate colours and different resources to make the user trust it.

Moreover, as pointed out by Incibe, and echoed by the consumers and users organisation (OCU), the mail is full of messages of haste, including a counter, urging the user to complete the survey before the promotion runs out.

After completing the survey, the user is taken to another screen where it is made clear that this is a gift, valued at 89.99 euros, and that the user only has to pay two euros for shipping and handling.

Finally, you are taken to a screen where you are asked for your personal details and then for your card details. When selecting "PAY", an error message is received. The payment of the two euros has not been processed, but the victim's data is already in the cybercriminals' possession.

How to act

If you receive an email with the above characteristics, delete it without opening it, and block the sender. However, if you have already fallen for the scam, Incibe recommends notifying the bank to see what steps to take, which will probably involve cancelling the card and monitoring the movements of the account to which it is linked.

They also advise keeping any evidence of the fraud and reporting the incident to Incibe and the police.

Sigues a Raquel Merino. Gestiona tus autores en Mis intereses.

Contenido guardado. Encuéntralo en tu área personal.

Reporta un error en esta noticia

* Campos obligatorios

surinenglish National institute of cybersecurity warns of scam using expensive Leroy Merlin gift as bait