- Scammers are taking advantage of the chip shortages that have aspiring PS5 buyers still waiting.
- They promise the new console as a gift in giveaways, but they only steal personal data on phishing sites.
- The signs of fraud are evident and pretty clear, but users with no composure may still ignore them.
There’s a wave of fake PlayStation 5 contests and giveaways hitting the net right now, as scammers are actively exploiting the fact that Sony cannot keep up with the massive demand for its newest console. People are constantly scanning the web for stocks to appear anywhere they can buy a PS5 from, but everything is depleted pretty quickly. Thus, fake giveaways promising to hand out the elusive gaming console are doing quite well in terms of convincing a large number of people.
A report from Kaspersky warns about the rising problem and shares the signs and also quirks of the most common campaigns of this kind, active out there right now. First, the emails informing people about these fake giveaways arrive from any email address crooks can use or happen to have available. In the following example, we see it arriving via an address impersonating GSK India, which was clearly set up for a different phishing campaign.
As the researchers explain, signs are everywhere for those who have the cool to look into the details. For example, the terms of conditions of the contest mention a company named ‘toleadoo GmbH,’ a German corporate family operating in the gambling space, and which has been previously accused of selling customer details to telemarketers and scammers. Even if they're not directly related to this, that firm has nothing to do with GSK India or Sony.
The goal for the senders of these emails is to trick people into visiting their phishing site, but before they’re taken there, they are passed through an Amazon-looking page sitting on ‘kahitbutas[.]com’, where they are asked a couple of basic questions. There, the visitor is presented with a wheel of fortune that always wins the prize, so the ground for the phishing part is now set.
On the next redirection, which uses the domain trytowinaprize[.]com, the victim is urged to enter their full name, address, phone number, and email address.
Most importantly, though, they are asked to pay a pound or so, supposedly for some “verification” reason that the scammers don’t even bother to define. There, the victim is requested to enter their full name again, their card number, the expiration date, and the CVV code. Having all that, the crooks can purchase anything they want using the victim’s card, so the small amount requested is just a pretense.
While we gave you some domains as examples, these scammers are far from being limited to the above. Thus, you should always check where you’ve landed, avoid clicking on email buttons and URLs in the message body, use an up-to-date internet security solution, and never enter your sensitive details on websites that you don’t know or trust.