Facebook Scam Promises Cheap Aldi Meat Boxes, Steals Payment Info Instead
A Facebook scam campaign uses fake Aldi meat box offers to trick users into entering payment details on phishing sites, with Malwarebytes flagging the operation as a classic social engineering scheme.
A new Facebook scam campaign is luring users with promises of cheap Aldi meat boxes, ultimately stealing payment information and personal data. The scam, detailed by Malwarebytes Labs, uses compromised or fake accounts to post personal stories about a supposed insider deal at Aldi, directing victims to phishing sites that mimic the supermarket chain's website. The campaign highlights the growing prevalence of online shopping scams on social media, which now account for two-thirds of all such fraud.
The scam begins with a Facebook post from a random account, which may be compromised or completely fake. The post claims: "My son works at Aldi and told me about something almost nobody knows. If you're over 40, you can get a meat box from Aldi for under $10." The post includes a link in the comments, a tactic used to avoid automatic detection by the platform. Malwarebytes Scam Guard flagged the post, noting several red flags: an unusual offer, an anecdotal story to build trust, an arbitrary age restriction, and urgency designed to discourage critical thinking.
Clicking the link leads to a chain of redirects. The first redirect uses a link-shortening service (cutt[.]ly) and performs device fingerprinting via embedded JavaScript. The next redirect sends victims to gifts-survey[.]life, a site designed to mimic Aldi's website. The scam page creates urgency with messages like "only 1 spot left" and "you only have 2 minutes to complete the survey." After completing a short survey, victims are told they've "won" and are forwarded to hyperbargainsflow[.]shop, where they are prompted to enter payment details for a fake delivery fee.
The final page asks for full name, contact information, home address, and payment details. The site also uses tricks like over 1,000 fake 5-star ratings and attempts to auto-complete and auto-submit forms if fields are detected as pre-populated. Malwarebytes found that similar campaigns have targeted Woolworths customers in South Africa and Australia using fake butcher profiles, and the Aldi angle has appeared in other countries as well.
To stay safe, users should be wary of any post that promises high-value products for an extremely low price. Real retailers advertise widely and on their own accounts, not through badly written Facebook posts from throwaway accounts. Users should check the browser address bar carefully, as scam pages can copy a brand's logo and colors perfectly but the domain name usually gives the game away. Never enter card details, full address, or phone number into a site reached via a random social post.
If you have already fallen victim, contact your bank or card issuer as soon as possible and monitor your statements. Use an up-to-date, real-time anti-malware solution with web protection. Malwarebytes blocks connections to unsafe sites like gifts-survey[.]life. The company also recommends reporting such posts on Facebook by clicking the three-dot menu and choosing "Report post > Scam, fraud or false information."