A new phishing scam is targeting coffee enthusiasts by pretending to offer a free "Starbucks Coffee Lovers Box" in fake emails. These phishing emails contain malicious links aimed at stealing personal and financial information or installing malware. Over 900 reports have been made to Action Fraud, the UK's national fraud reporting centre, in the past two weeks. Cybersecurity experts explain that this scam is simple but effective, relying on the trust people place in well-known brands like Starbucks. By creating convincing fake emails and landing pages, attackers aim to trick victims into sharing their login credentials, which can then be used to compromise their Starbucks account or other accounts using the same login details.

Experts also explain the psychological tactics used in these scams, including impersonating trusted brands, evoking emotional responses by offering tempting rewards, and creating urgency with time-sensitive offers. The scam tends to be sent when people are most vulnerable, such as early in the morning when they are craving coffee. Action Fraud and cybersecurity experts encourage users to remain sceptical of offers that seem too good to be true and to report suspicious emails to the appropriate authorities.

Be aware of the risks:

• Personal Information Theft: The phishing emails can steal login credentials, allowing attackers access to Starbucks accounts or other accounts that use the same credentials.
• Financial Loss: Accessing accounts could lead to unauthorized purchases or bank account access.
• Malware Installation: Clicking the malicious links or downloading attachments could install malware or Trojans like the ZeuS banking Trojan, compromising the user’s device.
• Trust Exploitation: The scam preys on the familiarity of well-known brands, making users more likely to fall for the trick.
• Wider Account Compromise: Using the same login credentials across multiple platforms increases the risk of broader account breaches.

To prevent falling victim to phishing scams like this, users should be wary of unsolicited offers that seem too good to be true, especially those requesting personal or sensitive information. It is important to verify emails from trusted brands by checking their official websites or contacting customer support directly. Additionally, individuals should report suspicious emails to authorities such as Action Fraud and follow security best practices like using unique passwords for each account and enabling two-factor authentication to reduce the risk of broader account compromises.

Source and further reading.

Maundrill, B. . (2024b, October 16). Coffee lovers warned of new Starbucks phishing scam. Infosecurity Magazine. https://www.infosecurity-magazine.com/news/coffee-lovers-warned-of-starbucks