Attackers are sending messages disguised as offers from meal-kit services, like HelloFresh.
Attackers are piggybacking off the booming market for meal-kit delivery services since the pandemic, and sending SMS phishing messages doctored up to look like they’re legitimate correspondence from popular brand names including HelloFresh and Gousto.
This is just another example of why the world cannot have nice things.
Researchers at Tessian discovered the meal-kit phishing campaigns and said there are many versions of the phishing pitch. Some are received through SMS, others through WhatsApp. Some ask customers to rate their experience to enter a prize. The messages run the gamut in terms of sophistication from very convincing, to an example Tessian called “easy to spot,” which is riddled with spelling errors.