A new email scam is sweeping the UK, pretending to offer free Starbucks coffee gift boxes. This phishing attack has already tricked thousands of people, raising serious concerns about fraud awareness. Action Fraud, the UK’s national centre for fraud and cybercrime reporting, has received over 900 complaints about this scam in just two weeks.
The emails contain harmful links designed to steal personal and financial information or install malware on your device. The fraudsters are relying on Starbucks’s popularity to lure in unsuspecting victims.
How the Scam Works
The phishing emails look like official communications from Starbucks, but they are far from it. They use a well-known brand to build trust and trick people into clicking on dangerous links. Fraudsters send these emails in bulk, hoping that even a tiny percentage of recipients will fall for them. The cost of running such a scam is minimal, making it a low-risk, high-reward strategy.
David Spencer, Director of Technical Product Management at Immersive Labs, explained: “The goal here is maximum profit. Fraudsters know that the more people they target, the more likely they are to get clicks.” Mike Britton, Chief Information Officer of Abnormal Security, echoed this sentiment. “Creating a phishing email that looks like it’s from Starbucks is simple. It only requires them to set up a fake landing page to steal credentials. Once they’ve gained access to a victim’s Starbucks account, they can also try the same credentials on other sites. Even if only a few people take the bait, the scam is worth it for them.”
Playing Mind Games
Fraudsters know that familiarity breeds trust. Javvad Malik, a Lead Security Awareness Advocate at cybersecurity firm KnowBe4, pointed out how fraudsters exploit this: “People trust well-known brands like Starbucks. Fraudsters use this trust to manipulate their victims. When you receive an email from a company you recognise, you’re more likely to believe it’s genuine.”
It’s important to remember that Starbucks, like many reputable companies, will never ask for sensitive information through email. If something sounds too good to be true—like a free gift box from Starbucks—it’s probably a scam.
A Repeat Offender
This isn’t the first time fraudsters have used Starbucks in their phishing attacks. Earlier in 2024, another scam circulated, promising recipients a “special gift” ordered by a friend. That email carried dangerous malware known as the banking Trojan ZeuS. If opened, it installed itself as a rootkit, making it very hard to remove.
Javvad Malik from KnowBe4 noted that most email scams follow the same three-part formula: “First, they establish authority by pretending to be a trusted brand or someone you know. Next, they trigger an emotional response, like excitement about receiving a gift. Finally, they create urgency by making the offer time-limited, forcing you to act quickly.”
Timing is Everything
In this particular email scam, timing plays a crucial role. David Spencer from Immersive Labs explained that attackers often send phishing emails early in the morning when people might not be vigilant and are craving their morning coffee. This tactic increases the chances of someone clicking on the malicious links without thinking twice.
These scams are carefully designed to catch you off guard. That’s why fraud prevention methods, such as scrutinising every email and avoiding clicking on suspicious links, are essential to protect yourself.
Report Suspicious Emails
If you receive an email that looks suspicious, forward it to Action Fraud’s Suspicious Email Reporting Service (SERS) at [email protected]. This service has been instrumental in tracking and shutting down phishing scams.
Since its launch in 2020 by the National Cyber Security Centre (NCSC) and the City of London Police, over 32 million phishing emails have been reported. In 2023 alone, over 11 million reports were made to SERS, a significant increase from the previous year. Reporting phishing emails can help authorities prevent future scams and protect others from becoming victims of fraud.
Fraud Prevention Tips
To protect yourself from email scams like this one, follow these essential tips:
- Never click on suspicious links: If an email looks even slightly suspicious, don’t click on any links or download any attachments.
- Verify the sender: Always check the email address to see if it matches the official domain of the company it claims to be from.
- Look for signs of phishing: Phishing emails often contain spelling errors, grammatical mistakes, or unfamiliar greetings.
- Don’t share personal information via email: Reputable companies will never ask for sensitive information through email.
- Use two-factor authentication: This adds an extra layer of security to your accounts, making it harder for attackers to gain access.
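The "verify the sender" tip can be automated. The sketch below is an added example, not part of the original article: it checks whether an email that claims to be from Starbucks really comes from, and links to, the brand's domains. The domain list, the `check_message` and `is_official` names, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains treated as official for this brand (not listed in the article).
OFFICIAL_DOMAINS = {"starbucks.com", "starbucks.co.uk"}
BRAND = "starbucks"

# Constructed sample message; example.net / example.org are reserved test domains.
SAMPLE = """\
From: "Starbucks Rewards" <offers@starbucks.com.example.net>
To: user@example.org
Subject: Your free Starbucks coffee gift box
Content-Type: text/html

<p>Claim today: <a href="http://gift.example.net/starbucks">Get my box</a>
or visit <a href="https://www.starbucks.com/rewards">our site</a>.</p>
"""

def is_official(host):
    """True only for an official domain or a real subdomain of one.

    Matching on the suffix with a leading dot rejects lookalikes such as
    'starbucks.com.example.net' and 'notstarbucks.com'.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def check_message(raw):
    """Return (kind, host) pairs where a brand-claiming email uses a foreign host."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    claims_brand = BRAND in (display + " " + msg.get("Subject", "")).lower()
    if not claims_brand:
        return []
    findings = []
    if not is_official(sender_host):
        findings.append(("sender", sender_host))
    # Compare each link's real destination host, not the text shown to the reader.
    for url in re.findall(r'href="([^"]+)"', msg.get_payload()):
        host = urlparse(url).hostname or ""
        if not is_official(host):
            findings.append(("link", host))
    return findings

if __name__ == "__main__":
    for kind, host in check_message(SAMPLE):
        print(f"suspicious {kind}: {host}")
```

A clean result is not proof of legitimacy, because the From header can be forged; a mismatch, however, is a strong sign the email should be reported rather than clicked.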
Fraud prevention starts with fraud awareness. Stay alert, and always think twice before clicking on anything suspicious. Fraudsters are becoming more sophisticated, but by staying informed, you can protect yourself and your finances. The rise of phishing scams like this Starbucks email scam shows how fraudsters are constantly finding new ways to target victims.
By following simple safety tips and reporting suspicious activity, you can help stop fraudsters in their tracks. Remember, if an offer seems too good to be true, it probably is. Stay cautious, stay safe, and help spread the word about these scams to protect others.