«Please confirm receipt. Please click here!” begins an email supposedly sent by the clothing company Shein. If you have received an email like this, in which you are the winner of a mystery box, Delete it as soon as possible from your inboxbecause it is a scam.
Cybercriminals have impersonated the company to impersonate Shein in a new case of phishinga social engineering technique that consists of sending fraudulent emails that attempt to obtain the personal or banking information of their victims.
Shein does not give away a mystery box in exchange for taking a survey
In the fraudulent email that impersonates Shein, the potential victims to follow a link that leads to a website whose URL address (https://lonesomegrunting.xyz/?encoded_value=223GDT1&sub1=85a95223ee99499c9bb4f6e91a19e8c2&sub2=&sub3=&sub4=&sub5=15938&source_id=20102&ip=2a0c%3A5a81%3Ab306% 3A7300%3Ad1a3%3A21ed% 3A2c13%3A210b&domain=www.todaystrackisfast.com) is not related to the official clothing company: https://es.shein.com/. In fact, the sender of the email is already raising the alarm that it is a case of phishing (Shein_Unlocked [email protected]).
The website to which the email is redirected leads, in turn, to a survey of eight questions. After answering them, a new screen appears to claim the prize, which, as mentioned, is a “mystery box” from Shein. However, at the bottom of the fraudulent website From the survey the following message appears: “This website is not affiliated with or endorsed by Shein or any similar brand and does not claim to represent or own any of the trademarks, trade names or rights associated with any of the products owned by its respective owners who do not own, endorse or promote this website. This is another clue that sets off alarms on the legitimacy of the offer.
Once the survey has been completed, the website leads to another screen in which the victims to enter their personal data. It is at this time that cybercriminals, with the hook of the “mystery box”, take over users’ sensitive information. Furthermore, it is common for companies to announce these types of offers through their official channels. However, in this case, neither the website nor the Shein Instagram account mention sending a mystery box in exchange for answering a survey.
How to avoid phishing?
The National Cybersecurity Institute (INCIBE) offers a series of tips to avoid being victims of this type of phishing scams. First of all, there is no need open unsolicited emails or emails that come from unknown senders. The institution advises eliminating them and blocking the user. You also do not have to respond to these emails or provide personal information.
It is necessary to have updated devices and programs and make sure that the sender, even if it seems known, is legitimate before providing information. INCIBE advises not to follow links provided in emails or download attachments.
Furthermore, it is necessary keep antivirus updated and it is advisable to enable double authentication when possible.
Infoveritas is a verification agency specialized in contrasting news and debunking hoaxes, has signed a collaboration with El Debate to publish two weekly verifications. With this agreement, both media seek to promote critical thinking and reduce misinformation in society.
