Adidas Phishing Scam Discovered

A new Adidas phishing scam has been discovered that involves offering free shoes and money. The messages claim that Adidas is celebrating its 69th anniversary and sending 2,500 lucky customers a free pair of Adidas sneakers along with a free $50 a month subscription.

The scam targets users on mobile devices in specific locations. If the user visits the link in the message and is determined not to be using a mobile device, they will be sent to a webpage that displays a 404 error. The scam only proceeds if the user is in the United States, Pakistan, India, Norway, Sweden, Nigeria, Kenya, Macau, Belgium or the Netherlands.

Once the user is on a mobile device and is based in one of the targeted countries, a series of four questions will have to be answered. The replies to the questions are irrelevant as all users will be provided with a “free” pair of sneakers after answering the four questions.

To be able to claim the prize, users must send the offer to their contacts on WhatsApp. Regardless of whether the user does this, they will be sent to another webpage where they are given further questions and are then offered a “free” pair of sneakers worth $199.

However, there is another catch. In order to claim the free sneakers, the user must hand over $1. The user is told that they will also be charged $49.99 a month for the subscription at the end of the month if they do not cancel it. The user is told they can cancel at any point in the future.

On the payment screen the user is told that the payment will be processed by organizejobs.net. Proceeding with the payment will result in the user being charged $1, followed by the subscription cost of $49.99 in 7 days.

The campaign is being conducted over WhatsApp, although similar scams have been conducted using email and SMS messages. Many variations on the same theme have also been discovered using different shoe makers.

The link given in the WhatsApp message appears to be real, using the official domain for the country in which the user is located. While the domain looks genuine, this is an example of a homoglyph attack: in place of the real domain adidas.de, the link uses a domain in which the i is replaced with a vertical line.

These types of scams are widely seen. Homoglyph scams take advantage of the ability to use non-ASCII characters in domain names. Similar scams use a technique referred to as typosquatting, where domains closely matching real brand names are created, for instance with incorrect spellings such as “Addidas” instead of Adidas, or with an i replaced with a 1 or an L.
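A defender-side check for the look-alike domains described above, as an added example that is not part of the original article: it decodes punycode labels, folds confusable characters and flags near-miss spellings. The allow-list of official domains, the confusables table and the sample hostnames are assumptions constructed for illustration.

```python
import unicodedata

BRAND = "adidas"                        # brand label named in the article
OFFICIAL = {"adidas.com", "adidas.de"}  # assumed allow-list for this example

# Constructed look-alike table: characters that can pass for a thin vertical
# stroke all fold to "l"; a few Cyrillic letters fold to their Latin twins.
FOLD = {c: "l" for c in "il1|\u0131\u0456\u04cf\u01c0"}
FOLD.update({"\u0430": "a", "\u0455": "s", "\u0501": "d", "0": "o"})

def decode_label(label):
    """Turn an xn-- (punycode) label back into the Unicode a user would see."""
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def skeleton(label):
    """Fold a label so visually confusable spellings compare equal."""
    text = unicodedata.normalize("NFKC", label).lower()
    return "".join(FOLD.get(ch, ch) for ch in text)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[len(b)]

def classify(host):
    """Return 'official', 'homoglyph', 'typosquat', 'unofficial' or 'unrelated'."""
    host = host.lower().rstrip(".")
    if host in OFFICIAL:
        return "official"
    target = skeleton(BRAND)
    for label in map(decode_label, host.split(".")):
        sk = skeleton(label)
        if sk == target and label == BRAND:
            return "unofficial"  # real spelling on a host outside the allow-list
        if sk == target:         # non-ASCII swap vs. ASCII swap such as 1 or l
            return "homoglyph" if not label.isascii() else "typosquat"
        if edit_distance(sk, target) == 1:
            return "typosquat"
    return "unrelated"

if __name__ == "__main__":
    for h in ["adidas.de", "ad\u0131das.de", "addidas.com", "ad1das.com"]:  # constructed
        print(f"{h!r}: {classify(h)}")
```

A production check would use the full Unicode confusables data and a public suffix list rather than the small table and per-label scan used here.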

In this instance, the hackers seem to be earning a commission for getting users to sign up, although disclosing debit and credit card details could easily give them the information needed to run up huge bills or drain bank accounts.

There are many warning signs indicating this is an Adidas phishing scam. Close scrutiny of the domain will show it is incorrect. The need to send on the message to contacts is atypical, as are being alerted to a charge after being told the shoes are free, the failure to ask the user to choose a pair of shoes or even pick their size, and the use of an odd domain name to complete payment. However, even with these tell-tale signs that the offer is not authentic, this Adidas phishing scam is likely to trick many people.

 


Posted by

Elizabeth Hernandez

Elizabeth Hernandez is a news writer on Defensorum. Elizabeth is an experienced journalist who has worked on many publications for several years. Elizabeth writes about compliance and the related areas of IT security breaches. Elizabeth has a focus on data privacy and secure handling of personal information. Elizabeth has a postgraduate degree in journalism. Elizabeth Hernandez is the editor of HIPAAZone. https://twitter.com/ElizabethHzone