Consumers have been warned to be vigilant about a surge in meal kit delivery scams, following rising demand for these DIY recipe kits during the COVID-19 lockdown.
Cybersecurity firm Tessian revealed it had uncovered a number of SMS scams impersonating well-known meal kit delivery companies, including Gousto and HelloFresh.
These scams come in a number of forms. In one example, several phishing campaigns are impersonating Gousto and asking recipients to rate their delivery to enter a prize draw. The link in the message takes them to a fake website, designed to steal personal and financial information or harvest important credentials.
There is also significant variation in the sophistication of these scam messages, with a particularly easy one to spot stating: “Your Gousto box is now delivered. Enjoy the reoipej! Rate delivesy and enter wrize diaw at ‘URL’.”
Tessian added that thousands of these SMS and WhatsApp messages are typically sent out at the same time.
Gousto has also warned its customers about the scams, posting on its Twitter account: “We are aware that these emails/texts are in circulation unfortunately, and we would advise against opening them. Our Info Tech team are looking into this suspicious activity."
Commenting on the findings, Tim Sadler, CEO and co-founder of Tessian, said: "Throughout the pandemic, we've seen cyber-criminals jump on trending topics and impersonate well-known brands, with increasing sophistication. Often, scammers will register new web domains to set up convincing-looking fake websites, luring their victims to these pages using phishing scams, and then harvest valuable information.
“These scams are getting harder and harder to spot, with the perpetrators regularly coming up with new tactics to convince users to follow their link and input their confidential data. A general rule of thumb is that, if you’re ever not sure if something is a scam, then assume it is. You can always verify a message’s legitimacy with the company directly.”