In the last two weeks, Bitdefender telemetry has picked up a spam campaign leveraging the Coca-Cola Company name.
The subject lines ranged from “COCA-COLA LOTTERY ORGANIZATION” to “Coca Cola Email Draw UK 2020 -Coca Cola Lucky Winner 2020” and other similar titles. However, they all claim the recipients have won a cash prize or lottery from the company.
To receive their prize, users must reply to the message and provide personal identifiable information such as name, age, address, e-mail, phone number, occupation and nationality.
“This is to notify you on your winning in the 2020 coca cola promotion raffle draw”, reads one of the fraudulent messages. “You have won one million British Pounds (£1,000,000.00) Kindly reconfirm your details as stated below to enable us give you the details of the promotion and how to claim your winning amount.”
Scammers are also recycling old hoaxes. The US version claims that recipients are the winners of the Coca-Cola January lotto draw, a scam that was acknowledged by the company at the beginning of the year.
“If you are the correct owner of this email address? If yes then be glad this day as the result of the Coca-Cola lotto online e-mail address free-ticket winning draws of January 2020 ,held in United States of America has just been released and we are glad to announce to you that your email address won you the sweepstakes in the first category and you are entitled to claim the sum of One Million Two Hundred And Fifty Thousand United States Dollars(US$1,250,000.00). Your email address was entered for the online draw on this ticket No: 546-373-66773 and won on this Lucky No: (14)-(8)-(5)-(19)-(28)-(12)-(30)”, the message reads.
Some versions of scam indicate collaboration with the government, claiming that “You should quickly contact us with all your contact information concerning the Bank ATM CARD as we have received instructions from the Government on your behalf”.
If any recipients fall for this ruse and provide their personal information, bad actors may initiate additional spearphishing attacks and spam campaigns. Moreover, users may fall victim to identity-theft-related crimes that can take months, or even years, to discover.
No matter how tempting the message may be, it’s critical for recipients to ignore and delete it. Stick to official websites that advertise any promotions and giveaways only, and never provide your personal and financial information to strangers who contact you via e-mail or social media.