Decathlon wins you a Van Moof bike? Failed, it’s a phishing

Yes, the Decathlon email about a Van Moof S3 bike you received is fraudulent.

Today’s price is a Van Moof S3 bike “, Advances an email in the colors of Decathlon, received by many Frenchmen and women, several versions of which Cyberguerre has observed. We would be part ” of 10 randomly selected users each month “By the French brand for” give them the chance to win fabulous prizes “.

At the bottom of the message it is clearly stated that the offer would be ” reserved To our email address. What a lovely gift! Van Moof has its place among the benchmark electric bike brands, and the S3, a model released in June 2020, costs € 1,998. Problem: as often, when the situation is too good to be true… it is because it is false. As you suspected by clicking on the article, we can confirm it to you: it is a phishing email.

The fake email uses Decathlon blue. // Source: Numerama screenshot

Different versions of the email circulate: the landing page and the purpose of the manipulation may differ from one case to another. We also observed that many malicious pages were labeled as such, or even deleted the day after the attack.

In the example that we were able to follow to the end, the criminals trap the victims by pushing them to subscribe to a cosmetic service, unrelated to Decathlon or Van Moof. A wacky tactic, but one regularly employed by scammers, who hope to hide a recurring theft of a small amount behind a genuine transaction.

How do you spot phishing early on?

First of all, you have to ask yourself questions on the merits, and therefore on the situation that presents itself to us. Decathlon would offer us a Van Moof bike. If you’re interested in e-bikes a bit, you’ve probably already raised an eyebrow. But even if you don’t know the Dutch brand, you can quickly check the link between the two brands. A quick tour of the Decathlon site shows that the French brand does not sell these electric bikes, and it would therefore have no interest in promoting them in a competition. Weird.

Then, the email specifies that the gift will be ” reserved for 5 minutes »And that if we do not claim it, we will let our chance pass for the benefit of another client. It is a very common string in phishings: the thugs push you to rush your decisions and to act in an emergency. They hope that this way, you won’t take the time to ask yourself the right questions about the situation. In short, if an email requires you to react in an extremely short time, it is certainly fraudulent.

Did you verify the address behind the name?

In a second step, it is necessary wonder about the form. All the emails we have received have the subject line ” Thank you for your order number [suite de chiffre et de lettre] “. The whole thing, preceded by two smileys. Not only did we not order anything from Decathlon, but in addition, the object has no relation to the content of the email, an alleged competition. Finally, Decathlon did not use a smiley face in the order confirmation emails that we received before.

That’s not all: if the emails appear as coming from Decathlon, it is possible to verify with a single click that the email address behind this appearance does not belong to the French brand. For example: “notice @ report-tool[.]com “or” dwl755578bsot@webapp.aspiringmail[.]com ”. The thugs have bet everything on the urgency and they have not taken care of their email address.

What happens when we click on phishing?

We clicked on the link given in the email. A fake Decathlon page with an unlikely URL opens. At the bottom of the page, fake Facebook comments tell of their luck or success in the pseudo-competition.

The URL of the page is enough to discover the subterfuge. // Source: Numerama screenshot

We are made to complete a MCQ under the pressure of a running stopwatch. Man or woman ? Age range ? Number of children? After answering these few questions, a message appears ” Congratulations, we have successfully verified your answers. “. 9 surprise boxes are displayed on the screen, we click on one of them. Failed, it is empty. Fortunately, we are given a second chance and this time we win.

We won a Van Moof! ! Wooooo! (no) // Source: Numerama screenshot

Funny detail: we had encountered this exact same layout in a previous phishing, where Amazon and an iPhone played the role of Decathlon and Van Moof. This is not surprising: thugs buy or download phishing pages to copy on the black markets. So they don’t need to develop the pages themselves (most can’t), and they just have to customize the page content to their liking.

One more click, and here we are on a new page (again at a shady address) which displays Van Moof’s S3 in large size. Just below is a sales quote – “iPhone with pedals” – supposedly from Süddeutsche Zeitung, a major German daily. This detail would be a sign that the scam has been translated into several languages.

Always pay attention to the very small writing at the top. // Source: Numerama screenshot

The page explains to us that it suffices to pay 2 euros to recover our winnings, and asks us to fill out a registration form with our first name, last name, address, phone number and email before proceeding to payment. Again, this step is subject to a 5 minute stopwatch.

We do not immediately proceed to payment: the insert written in lowercase font at the top of the page catches our attention. It evokes a “special offer”, a “gift card” or a “subscription service”. Going down to the bottom of the page, the subterfuge is revealed, by a section “How registration works”. If we give out our banking information, we actually sign a subscription for 37 euros per month to an unknown cosmetics site, created in 2021 and possibly fake, called MyFaceClub.

We can of course doubt whether the termination of this service is as simple as the site claims (or that the amounts withdrawn are indeed those indicated). This end of the course is definitive proof that neither Decathlon nor Van Moof have any connection whatsoever with this campaign.

What if I have taken a phishing bite?

  • Did you just click on the link? No need to worry.
  • Have you completed the registration form? Beware of the emails and calls you will receive in the days to come. Rogue salespeople might try to subscribe to the service. Observe some hygiene measures n
  • Did you give your banking information? Oppose your bank card as soon as possible. Your bank surely has a phone number reachable at all hours to do so. If you find a fraudulent transaction on the account, report it on Perceval, the public platform dedicated to reporting bank fraud.

Related Articles