• Malwarebytes warned of a Facebook scam targeting users over 40 with fake Aldi meat box offers
• Victims are funneled through spoofed landing pages and games before being asked for PII and credit card details
• Researchers caution that such posts are designed for phishing and fraud, urging skepticism toward “too good to be true” social media deals

Security researchers Malwarebytes have warned of an ongoing scam on Facebook attempting to steal personally identifiable information (PII), as well as credit card data, from people aged 40 and above.

In this bizarre scam, a Facebook user (likely a compromised, or fake account) claims that people over 40 years old can get an Aldi meat box for under $10, as long as they fill out a form and sign up for a service.

“Sounds crazy, but it actually worked,” the post reads. “They’re clearing out excess stock and, instead of throwing it away, they’re basically letting people have it for next to nothing. All I did was fill out a short form.”

Spoofing Aldi

That form, the user claims, took about a minute to fill it out. They wrapped up the post by saying the worst thing that could happen is “you lose a minute.”

But according to Malwarebytes’ Pieter Arntz, people can lose a lot more than just a minute of their time. After clicking the provided link, the researcher first had his device fingerprinted, after which he was redirected to a spoofed Aldi landing page.

The page displayed a fake gift box game (like the ones often seen on Temu) and after “winning” the game (the page is designed so that the victim can’t really lose), he was redirected again, this time to a page where he was asked to provide more details.

The crooks asked for everything: names, addresses, phone numbers, and even credit card information to pay for the meat box and faster delivery.

“If a post promises a box of premium meat for the price of a sandwich, assume it is a scam until you can prove otherwise,” Arntz concluded. He also shared an extensive list of red flags found in the post, as well as a checklist on how to make sure you’re not getting scammed on social media.

As with all such online scams - if it seems to good to be true, then it probably is - especially with BBQ season still a few weeks away.

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.