Leroy Merlin scam alert: Phishing campaign targets users with fake survey

Leroy Merlin scam warning

by Lorraine Williamson
scams

A new phishing campaign is using Leroy Merlin’s name to trick users into providing their personal and banking details. The scam involves fake emails that promise a free tool set in exchange for completing a survey, but users are asked to pay for shipping, ultimately leading to data theft.

The National Cybersecurity Institute of Spain (INCIBE) has identified this scam, warning users to remain vigilant.

How the Leroy Merlin scam works

Phishing emails claiming to be from Leroy Merlin are being circulated, inviting recipients to participate in a survey. In return, users are promised a “free” Dexter tool set but must pay a small shipping fee. The scam attempts to collect users’ personal information and banking details during this process.

The emails feature attention-grabbing phrases, such as:

  • “Your experience with Leroy Merlin could win you a Dexter tool set!”
  • “Exclusive opportunity: Win a Dexter tool set from Leroy Merlin by sharing your thoughts!”
  • “Complete our Leroy Merlin survey and get a free toolset!”

If the recipient follows the link, they are taken to a fake website that looks legitimate but does not belong to Leroy Merlin. Users are prompted to complete a survey, provide personal information, and enter their payment details for the supposed shipping costs.

What to do if you receive this email

If you receive a suspicious email claiming to be from Leroy Merlin, do not click on any links or provide any information. Instead:

  1. Report the email: Forward the email to the INCIBE incident mailbox. This helps protect other potential victims.
  2. Block and delete: Block the sender and remove the email from your inbox to prevent further risks.

What to do if you have provided information

If you have already entered your personal or banking details, take the following steps:

  1. Contact your bank: Inform your bank immediately about the situation. Monitor your account for any unusual activity and cancel any suspicious transactions.
  2. Gather evidence: Keep any emails or screenshots of the scam process. These can serve as proof for further investigation.
  3. Check for misuse of personal data: Practice “egosurfing” by searching your name online to check if your data has been used without your consent.
  4. Call INCIBE’s helpline: Contact INCIBE via their cybersecurity helpline at 017 for further advice.
  5. Report to authorities: File a report with law enforcement, providing all evidence to aid in the investigation.

How to spot a phishing email

Phishing scams often use urgency and enticing offers to lure victims. In this case, emails contain words like “FREE” in large text to draw immediate attention. They also link to URLs that do not match Leroy Merlin’s legitimate domain.

Always verify the authenticity of such emails by contacting Leroy Merlin directly through their official customer service channels. Do not trust links or offers that seem too good to be true.

Protect yourself online

Staying informed is key to avoiding scams. Always be cautious about unsolicited emails, especially those asking for personal or banking information.

What is Dorking?

Dorking is a technique used by cybercriminals to search for sensitive information that is openly available online. By using advanced search engine queries, they can find details such as email addresses, passwords, and other private information that has been mistakenly made public. It is important to be aware of what information about you may be accessible online and take steps to protect it.

How to Search for Your Name Online

To check what information is available about you online, practice “egosurfing.” This involves searching for your name on search engines and reviewing the results. Look for any unexpected or suspicious information, such as your personal details being posted without your consent. Regularly checking your online presence helps ensure your data remains secure.

For more information or support, contact INCIBE at 017 or visit their website for further resources.

You may also like