The National Cybersecurity Institute and the Catalan Cybersecurity Agency have warned of an online scam that impersonates Lidl with fraudulent ads on search engines and messaging apps to lead users to fake websites.
The bait imitates the chain's design and promises bargains with urgent messages, but the purchase never arrives. That is the key to the fraud, because while it appears to be a last-minute offer, the transaction serves to steal personal and banking data from those who complete the payment.
Fake ads imitate Lidl and push purchases with urgent messages
Cybercriminals use claims about last units or discounts about to expire to force a quick decision. They also show supposed recent orders with the intention of giving credibility to the page and reducing the buyer's doubts.
In addition to search engines, the deception circulates through messaging apps via links that redirect to sites that copy Lidl's appearance. The goal is for the user to believe they are on a legitimate website when in reality they are browsing a portal controlled by scammers.
The Catalan Cybersecurity Agency warns that if an item is purchased, it will never be received at home and, at the same time, the data provided during the purchase will be exposed to cybercriminals.
"If an item is purchased, it will never be received at home and personal and banking data will also be in the hands of cybercriminals" - Catalan Cybersecurity Agency
Lidl asks to check the official website before paying for any offer
In the face of this type of fraud, cybersecurity organizations recommend distrusting excessively low prices and always checking the official website before entering payment details. They also ask to exercise extreme caution with suspicious sponsored ads and links received by messaging.
It is not enough for the ad to use the brand's usual logo or colors. Scammers copy the design to give a familiar appearance and take advantage of impulsive purchases linked to supposedly limited discounts.
Lidl in Spain has confirmed that these types of pages are a fraud detected with the help of customers. The company adds that its security department is already working on these cases.
"These types of pages are a fraud" detected "thanks to the collaboration of our customers and on which our security department is already working" - Lidl in Spain
The most concrete recommendation of the alert is to not enter personal or banking data on dubious pages and to always verify the official web address before closing a purchase.