An investigation by Parliament Street cyber research team has uncovered a suspicious Facebook Group called ‘Cadbury Rewards’ with a message purporting to be from a Cadbury regional manager called Anna Burton.
The message, which is accompanied by an image of a woman clutching a hamper of chocolate including Twirls, Curly Wurlys and Dairy Milk bars, reads: “Hello Cadbury Fans! I’m Anna Burton, a regional manager at Cadbury UK and today I have some news that might excite you. We are going to celebrate 126 years of Cadbury today by doing something very special for you all, we will be sending one Cadbury Hamper to EVERYONE who shares and comments by 11.59pm TONIGHT. Make sure you enter here [Fake website URL].”
Online security experts say victims are then directed towards a fraudulent website using Cadbury branding. It asks entrants to input their name, home address, phone number, email address and bank card details in order to be eligible.
A spokesperson for Mondelēz International, owners of Cadbury, told ConfectioneryNews: “We’ve been made aware of a circulating post on social media, claiming to offer consumers a hamper of free Cadbury products. We can confirm that this has not been generated by Mondelēz and would urge the general public to not interact or share personal information through the post. The security of our customers is our priority and we’re working with the relevant organisations to ensure this is resolved.”
Additionally, Parliament Street researchers said they could find no record of ‘Anna Burton’ as a regional manager on social networking site LinkedIn or the Cadbury website. The advert was posted on Facebook over the weekend and by Sunday, 8 November, had over 1,700 ‘likes’ and hundreds of comments.
One Facebook user called Jayne left a comment saying: “I work for the Royal Derby Hospital on a ward caring for the elderly, we are a Covid ward again, all the staff work so hard, it would be lovely to win one of these and share with the staff.”
Cyber security expert Andy Heather, VP, Centrify said: “With the Christmas season fast approaching, it’s no surprise that hackers are attempting to lure lockdown-weary members of the public into handing over their bank details and passwords with the promise of chocolate hampers and tasty treats.This is the latest in a series of scams whereby social media platforms are being used to elevate awareness and spread the fraud, hijacking official branding and making use of photos and testimonials to fool victims.
“With millions of people now working from home and using company-issued laptops and smart phones during the pandemic, there is an increased security risk to businesses that a cyber criminal is able to imitate an employee using stolen email account credentials. We urge all members of the public to remain vigilant against these phishing attacks and always double check that an apparently sweet deal isn’t going to leave a bitter aftertaste.”