Phishing Campaigns: How to Identify and Report

How to spot fake, fraudulent, spoof, or phishing​ emails and messages

Fraudsters are looking to get our Criteo clients’ credentials. Be aware of the dangers and how you can protect yourself.

Ongoing Phishing Campaigns

Phishing attempts are targeting Criteo customers. To protect you, we have provided examples of recent phishing attacks below. If you have doubts about the authenticity of a communication from Criteo, please refer to this list.

 

January, 2023
Criteo Advertise Investment Marketing

Scammers are trying to steal money by using a fake company labeled “Criteo Advertx Trading”. WhatsApp is one of the channels they use to contact you.

They propose different investment formulas. To invest, money has to first be deposited in a bank account. A refund with a big bonus percentage is promised.

Reminder: Criteo will never ask you to deposit money in order to earn a commission. This is not what our business is about.

August, 2022
Financial fraud attempts

Fake domain names that look very similar to ours are used by fraudsters in an attempt to impersonate us.

They target our customers and try to convince them to modify their Criteo account payment settings to point to their own bank account.

Examples of such fake domain names :

criiteo.com
criteeo.com
criteogroup.com
it-criteo.com

Customers receive an email from an apparently real employee of Criteo whose email address looks legitimate but actually isn’t (xxx@criiteo.com instead of xxx@criteo.com for example). That (fake) person may ask for a payment/email modification or access to sensitive information.

The differences between fake domain names and ours are sometimes subtle. Our advice is to pay extra attention to domain names and links inside all emails.

May, 2022
Fake login pages

Fraudsters have registered several domain names to impersonate Criteo. They used these domains to host fake login pages with a design similar to ours and sometimes with the exact same content. The fraudsters will then proceed to steal the credentials from unsuspecting customers trying to connect to their Criteo accounts.

The only official URLs to sign-in to your account are : account.criteo.com and login.criteo.com

January, 2022
Fake recruiting campaign

Fraudulent domains that resemble our official Criteo domain were registered and have been used in a fake recruiting campaign.

The fraudsters are misleading victims into believing they will earn money through commissions obtained as a Criteo agent.

The fraudsters request that several deposits be made along the way to “activate a data creation process” and complete the operation. This is a scam, Criteo will never ask you to deposit money in order to earn a commission.

Report a phishing attempt

To report a phishing (email, WhatsApp, SMS…) attempt, please send the example to security@criteo.com. You can do so by forwarding us the example as an attachment, or by dragging and dropping it in the mailbox window.