Phishing scam spoofs Lazada SMS account

Lazada on Monday, June 21, confirmed a new scam making use of the official Lazada SMS account which sends one-time pins (OTPs) to trick users into sending money.

A Rappler reader emailed his experience of the scam, showing a screenshot of the Lazada SMS account and several OTPs sent along with an unusual message claiming that the reader won a prize that can be claimed through a link.

The reader showed the various pages with strange URLs to which he was led, claiming he'd won a prize. The URLs shown were clickposting.info and crazygadgets.club. Beyond this incident, strange-looking, unfamiliar URLs are usually best avoided.

Eventually, the reader said he was led to a page asking for his credit card credentials and to pay 25 euros (about P1,500) to be eligible for the prize. The reader was able to avoid the scam, having inquired with Lazada.

"We have been made aware of this new scam, where individuals are lured by an SMS message to make a transaction outside of the Lazada platform in order to qualify for a prize. Lazada does not have such a promotion, will never require our customers to share personal bank details or make a transaction outside of our platform," said a Lazada spokesperson in an email to Rappler.

It is currently unclear how the Lazada SMS account was spoofed, which is the most worrisome aspect of the incident. Lazada said it is investigating the situation, and reminded users to keep communications and transactions within the app. – Rappler.com

Have you been a victim in an online scam? Email the editor at angelo.gonzales@rappler.com.

Gelo Gonzales

Gelo Gonzales is Rappler’s technology editor. He covers consumer electronics, social media, emerging tech, and video games.

image