LEGO Facebook Scam [EN]

Get Millennium Falcon Lego set for 39 CZK! Or not?

Recently, I came across another fraudulent activity, this time in a Facebook ad that caught my attention. It was the week after May 4, unofficially known as Star Wars Day (after the pun "May the Fourth be with you"), when a Facebook ad offered me an irresistible deal: the Millennium Falcon LEGO set for just 39 CZK. The ad targeting was spot-on, as it reached me specifically as a Star Wars fan. Moreover, it referred to the 40th anniversary of Star Wars Episode VI, which is indeed this year. Unfortunately, this was a scam that used several techniques to harvest sensitive personal data and credit card details from potential victims.

fraudulent_Ad
Fraudulent Facebook Ad

In addition to an obviously photoshopped introductory photo, the fraudulent ad carried fake comments with photos, forged conversations in Czech, and staged interactions between the "people" who had supposedly taken advantage of the offer.

LegoComments
Forged conversations under fraudulent ad

If a potential victim clicks on the ad, they are taken to a fraudulent phishing site. The page displayed the promised LEGO set of Han Solo's Millennium Falcon, with accompanying text about the chance to win it. But first the user must answer three questions to "verify that they are a real person"; the questions serve no verification purpose and only get the visitor invested in the process. Of course, there was also an urgency factor: the site informed the user that the number of LEGO sets on offer was limited.

Lego4
Fraudulent Phishing Page

After answering the questions, the fun part began. The user is presented with an interactive game in the form of closed boxes. An information window tells the user that if they choose the correct box, they will win the coveted LEGO set at a heavily discounted price. To add to the illusion of authenticity, the scammers ensured that I won the prize on my last attempt (lucky me 😄). This is a well-thought-out move to make the victim feel special and persuade them to continue.

Lego6
Cunning deception in form of game

Lego8
Desired price

After "winning" the coveted LEGO set from the box, the victim is redirected to a fraudulent order form, where they are asked to provide personal information such as name, address, e-mail, and even phone number. Even on its own, this information is valuable to the scammers and can be reused in many ways, for example for further targeted phishing or phone-based attacks.

Lego9
Fraudulent reservation form

Filling out the form is not the end of the scam: in the last step the victim is redirected to a payment gateway demanding card details. The payment gateway does indeed charge only 2 euros, but not for a Millennium Falcon LEGO set; it is for a three-day trial of some membership of dubious legitimacy. Only if the victim reads the small grey text do they learn that after the three-day trial expires, 69 euros will be charged to their card every 30 days. In other words, the whole thing is at best a subscription trap that uses the LEGO set as bait to obtain card details and recurring billing consent. Anyone who has entered their card details on such a page should contact their card issuer, have the card blocked and dispute the charges. Be that as it may, I don't think I would ever see my Millennium Falcon LEGO even after payment.

LegoPay
Payment Gateway

Fortunately, some security solution vendors already flag the site as illegitimate, as the VirusTotal results below show.

May the Force be with you, and stay skeptical of similar online offers that appear too good to be true.

LegoVT
VirusTotal results