Deceptive emails claiming to offer a complimentary Starbucks Coffee Lovers Box have surged recently, prompting over 900 reports to Action Fraud, the UK’s national fraud and cybercrime reporting center, in just the past two weeks.
These emails are laced with malicious links intended to capture personal and financial data or to install malware on recipients’ devices.
David Spencer, Director of Technical Product Management at Immersive Labs, highlighted the financial motivations behind such scams, stating, “The aim is maximum profit, so it’s a numbers game. The more targets cybercriminals reach, the more clicks they’ll get.”
Mike Britton, Chief Information Officer at Abnormal Security, emphasized the minimal costs involved in executing phishing scams like this one. “It simply requires them to create an email that resembles a legitimate one from Starbucks, along with a fraudulent landing page to capture credentials,” he explained. He noted that once attackers gain access to a Starbucks account, they may also infiltrate other accounts using the same login information. “Attackers can quickly disseminate millions of malicious emails, and even if only a small fraction of recipients fall victim, it’s still a profitable endeavor,” Britton added.
Javvad Malik, Lead Security Awareness Advocate at cybersecurity firm KnowBe4, underscored the tactics employed by scammers. “Scammers often impersonate well-known brands because familiarity breeds trust. The mind games involved are quite cunning, relying on the trust we place in established brands,” he said. Malik pointed out that reputable organizations like Starbucks rarely request sensitive information via email, advising individuals to maintain a healthy skepticism towards offers that seem too good to be true.
Earlier this year, KnowBe4 alerted the public to a similar scam featuring a fraudulent Starbucks Coffee Gift offer. In that instance, the email claimed a “friend” had ordered from Starbucks and was planning a “special gift” for the recipient. The malicious attachments included a variant of the notorious banking Trojan ZeuS, which, if opened, would install itself as a difficult-to-remove rootkit.
Malik identified three key elements common to such scams: establishing credibility by impersonating trusted brands, invoking an emotional response—such as the excitement of winning a prize—and creating a sense of urgency, such as limited-time offers.
In the case of coffee-related scams, Spencer noted that attackers strategically send emails when individuals are likely to be craving coffee, such as early in the morning, when they may not be fully alert.
“People should remain vigilant against these tactics and report any suspicious emails when in doubt,” Malik advised.