Hackers impersonate ASDA CEO Roger Burnley in free £35 gift box shopper scam

Cyber criminals are targeting ASDA shoppers on Facebook with a sophisticated new online scam, purporting to be from the supermarket’s CEO Roger Burnley.

The fraudulent page has been uncovered by the Parliament Street think tank’s cyber research team, who issued a warning to consumers via social media.

The scam begins with a fake Facebook page called “ASDA Stores” offering a free £35 giftbox, alongside an image of man in a warehouse next to ASDA branded cardboard boxes. The random man, who is wearing glasses, dressed in blue jeans and scruffy shirt and is not the current CEO Roger Burnley.

The accompanying text reads: “My name is Roger Burnley and I am the CEO of ASDA Inc. I have an announcement to make – To celebrate our 71st Anniversary this year we are giving everyone who shares and comments by 11.59pm tonight one of these gift boxes containing a £35 ASDA voucher plus surprises that will make your heart flutter.”

Users are then directed to an ‘enter online’ link which asks for their email address, bank details, phone number and security code.

The fraudulent Facebook page already has over 4,000 likes and 5,000 comments from members of the public.

One user called Brenda commented, “Shared, thank you for bringing a little joy into people’s lives I could do with something to make my heart flutter after a very sad year Happy Anniversary Asda xx”. Another called Susan said, “Well done Asda putting a little cheer out there at the present time thank you!

Cyber security expert Andy Harcup, VP, Absolute Software, comments: “Cyber criminals are becoming increasingly adept at exploiting big brands in order to gain the trust of consumers, in an effort to steal data. With the Covid-19 pandemic forcing millions to work remotely from home, using company-issued laptops and smartphones, these risks are amplified if hackers get hold of key data such as usernames and passwords. In these turbulent and uncertain times, it is essential that businesses ensure the proper security systems are in place to prevent hackers from hijacking company devices and keep employees safe from online threats.”

Andy Heather, VP, Centrify, added, “This is the latest in a series of online scams utilising social media posts to fool shoppers into handing over their bank details. With lockdown forcing millions of people to stay indoors, with many on the furlough scheme, it’s all too easy to fall for false promises and online free gift offers orchestrated by cyber criminals. It’s critical that consumers remain vigilant and stay alert when receiving such offers, remaining cautious about handing over personal details that could be used to impersonate them and steal data from their place of work. Likewise, companies must do more to educate workers about the cyber risks associated with remote working, and ensure they have the security systems in place to verify the identify of staff, to keep hackers locked out from the company systems.”