Cadbury Social Media Scammers Take Chocoholics for a Ride

A fake Facebook Group is using the lure of a free hamper of Cadbury chocolate to trick social media users into divulging their personal and financial details, it has emerged.

Spotted by think tank Parliament Street, the campaign is based around “Cadbury Rewards,” which has been set up with official logos to spoof a legitimate group on the social media site.

Various posts from the group claim that the chocolate-maker, now owned by multinational Mondelēz, is sending a hamper to everyone who replies before midnight, as part of a celebration of its 126 years in business. In reality, the company is 196 years old, having been founded in 1824.

Variations on the theme include messages from specific named individuals, said to be ‘managers’ at the firm, while others claim cash prizes will also be sent to randomly chosen individuals.

Victims are urged to click through, where they’ll be taken to a Cadbury-branded phishing page to enter name, home address, phone number, email address and bank card details.

The campaign appears to have been launched over the weekend and already has hundreds of comments and nearly 2000 likes.

"We can confirm that this has not been generated by Mondelēz and would urge the general public to not interact or share personal information through the post,” a Mondelēz International statement warned.

"The security of our customers is our priority and we’re working with the relevant organizations to ensure this is resolved.”

Egress CEO, Tony Pepper, claimed the volume of such scams across social media, email and mobile channels is increasing in the run-up to Christmas.

“If someone is asking for your card details, on social media or over email, always look closely at why they would need that information. If someone is offering you free products, but requesting you provide your card details, alarm bells should start to ring,” he argued.

“A Google search will show you the retailer’s genuine website, where you can find links to their real social media pages, so you can check if the offer is posted there. If you’re still not sure, you can always reach out to the retailer via their website, to check that the offer is genuine.”

This is not the first time Cadbury, which was the inspiration for Roald Dahl novel Charlie and the Chocolate Factory, has been used in phishing scams. A similar hamper scam was spotted back in 2018, although on that occasion getting the age of the company correct.

What’s Hot on Infosecurity Magazine?