A recent phishing scam impersonating the Heineken beer brand demonstrates how very little effort is needed by scammers to convince victims to give up all kinds of personal information.
If you’re someone that likes beer, seeing a giveaway from a Beer vendor seems plausible. Perhaps some hats, a coupon, a beer koozie, etc. all would be reasonable “prizes” in said giveaway. But scammers intent on collecting the personal information of victims went all out impersonating Heineken and promoting the giveaway of 5,000 coolers filled with their beer for Father’s Day last month.
As part of the scam, personal details were collected including birthdate, email, address, name, and more. This kind of information could be used to attempt takeovers of legitimate email addresses, used as part of a longer-term doxing effort, or simply be used to impersonate the victim in another scam.
In a statement put out by Heineken, the free beer scam was denounced, with Heineken recommending that individuals not engage with such communications.
But the scam does make a point: as part of creating the illusion of legitimacy, the scammers used a well-known worldwide brand and placed the scam’s hook (the 5,000 coolers) just on the cusp of being implausible – this is what creates a sense of urgency and causes potential victims to forget the need to remain vigilant when interacting with email and web content that is unsolicited – something taught to employees via Security Awareness Training in organizations that are serious about reducing the organization’s threat surface – something that includes the user.