A scam involving someone impersonating the CEO of the British retailer Marks & Spencer has been observed by security researchers recently. Advertisements have been posted online that show a man who is of no resemblance to Steve Rowe, the CEO of Marks & Spencer, holding shopping bags, with a message attached that states, “Hello everyone, my name is Steve Rowe and I am the CEO of Marks and Spencer! I’ve an announcement to make – To celebrate our 135th Anniversary, We are giving EVERYONE who shares & then comments by 11:59pm tonight one of these mystery bags containing a £35 M&S voucher plus goodies! Make sure you enter here [URL].” If the link is followed, users will arrive at a page the looks like a portal for M&S that requests name, address, mobile phone number, and bank details including SORT code and account number. It is unknown how many people, if any, have fallen victim to this scam, but it is being widely distributed.
Analyst Notes
With the busy holiday shopping season fast approaching, many retail related scams will be going around that aim to gather information from shoppers, and this is just one of the many examples. One of the main ways to verify the legitimacy of an offering or special is to check the company’s social media—if it isn’t mentioned on their social media than it is likely a scam. Just like with phishing email, it is important not to click links in advertisements or provide personal information if it seems like there may be something off. Remember, the chance at 35% off is never worth having your information stolen.
Source: https://www.infosecurity-magazine.com/news/ms-boss-spoofed-in-gift-voucher/?&web_view=true
