At the end of March 2022, social media users reported that a message was circulating on WhatsApp offering a free chocolate Easter basket from Cadbury. This was not a genuine offer from the famous chocolate company. This message was part of a phishing scam that used promises of free chocolate to lure users and trick them into giving away their personal information.
On WhatsApp, many people encountered the following message:
There are a few red flags here. First, social media users should be wary of any message offering something for free. Second, social media users should be wary of unfamiliar URLs. While companies may truly offer giveaways on occasion, these promotional offers will come from official company sources. The above-displayed message, however, was not posted by Cadbury, and the above-displayed link is not a link to Cadbury's official website.
Keep your eyes peeled for this fairly convincing Cadbury themed phish!
It's clearly designed to mirror the current Cadbury Easter Egg Hunt campaign, with the chance to win one of 5000 possible free gifts. The only thing more wrong than this is the act of biting the top off of a Creme Egg to lick the filling out.
First thing to pay attention to is that short URL. There's a good reason why we don't like short URLs in the Cyber Crime Unit... They make it much harder to tell where you're actually heading. Also, that .ru domain. There's no good reason for Cadbury to have a Russian address.
Then there's the website itself. ⚠️DON'T CLICK THE LINK⚠️. Our Cyber Protect Officer has done it for you.
The site looks fairly convincing; however, the only buttons that actually work are the ones to answer the questions. The search icon and the three little lines do nothing at all.
Once you answer those questions, you're taken to a little game where you have to "find your prize". Conveniently, your first and second tries won't be successful, but you'll "win" on your third go! At that point, to claim your "prize", you'll be asked to hand over all sorts of personal information. That's where the scam comes in!
Far too high a price to pay for some free chocolate. Especially when Creme Eggs are two for a quid!
The 2022 Cadbury Easter Egg Hunt scam follows the same formula as other social media scams. The fraudsters use an enticing offer (free chocolate) to lure consumers and get them to click on a link. Then, the fraudsters use various tactics (in this case a brief game to "find your prize") to trick users into giving away personal information (such as a credit card number).
These scams often target consumers of well-known brands, such as Cadbury, and include media or logos that imitate the visual design of those companies. In fact, Cadbury has been repeatedly used in such scams. In 2020, for example, a scam claimed that Cadbury was giving away chocolate hampers for Christmas.
In March 2022, the Cadbury UK Facebook page posted a message warning its fans about the current scam:
We’ve been made aware of circulating posts on social media, claiming to offer consumers a free Easter Chocolate basket. We can confirm that this has not been generated by us and would urge consumers not to interact or share personal information through the post. Customer security is our priority and we’re working with the relevant organisations to ensure this is resolved.