How to spot phishing campaigns

How to spot fake, fraudulent, spoofed, or phishing emails and messages

Beware: Fraudsters are looking to get your Criteo credentials

Hackers use emails and messages to deceive people into handing over sensitive personal information. Once they have obtained this information, they can use it to perpetrate various types of fraud while impersonating their victims. Learn how to spot a scam, what to do if you are contacted unexpectedly, and get advice on how to stay safe.

When your Criteo credentials get in the wrong hands, harm can be done to you and your company. Criteo will never send text messages or emails containing time-critical warnings instructing you to log in to your account and share privileged user data. We’ll never issue you an ultimatum, nor will we ask you to authenticate yourself or verify your data outside of our secure communication channels.

Watch out for:

• Unexpected senders – If you don’t know who sent a text or email message, then it could be a scam.
• Text messages – At Criteo, we don’t use text messages to contact you.
• Alarming or urgent language – e.g. “You need to act now.” A genuine text or email message will be written in a reasonable and calm way. Scams may use warning messages, threats of fraud, or problems with your account.
• How an email greets you – Automatic Criteo emails will always greet you by title and surname, as in Dear [x]. Personal Criteo emails will always come from someone who knows your business and is reaching out regarding a topic about your account that you would be familiar with.
• Spelling mistakes – Scam texts and emails often look odd, with a messy layout and spelling mistakes.
• Asks for personal information – Criteo will never ask you to provide your password, credit card numbers, bank account numbers, driver’s license number, social security number, email address, or full name through text message or email.
• Erroneous Criteo email addresses – All of our email addresses end with criteo.com. There should never be any another word before or in between Criteo and .com. This is a genuine email: n.surname@criteo.com.
• Requests to click on links that take you to a fake website – If there’s a link in an email, always check it before you click. A link could look perfectly safe like https://www.criteo.com/login/, so make sure to hover your mouse over the link to preview the true URL. If you aren’t certain, don’t click on the link. Just visiting a bad website could infect your machine.
• Emails with unknown attachments – Never open an attachment unless you’re sure it’s legitimate and safe. Be particularly cautious of invoices from companies and contractors you’re not familiar with. Some attachments contain viruses that install themselves when opened.
• Other things to look out for: fake bills, fake changes of bank accounts, …

What to do

If you get a message or enter a website that seems odd, follow these steps:

• Double check the URL – If you suspect you’re on a fraudulent site, pause for a moment and check the address bar and make sure the URL reads: https://www.criteo.com/, or one of our subdomains, like marketing.criteo.com.
• Do not reply – Even if you think you know the sender, don’t reply to a text or email message if it seems odd.
• Do not open attachments – Scam texts and emails can put a virus on your phone or computer.
• Do not click on any links – Simply clicking on a malicious link could infect your machine.
• Check the ongoing phishing campaigns page here.
• Talk to your contact at Criteo – Send a clean email to your contact at Criteo and we can help to check the text or email message.
• Report a phishing attempt here.

For more information, reach out to your Criteo Account Strategist.