Phishing campaigns examples

Содержание

Fraudsters are looking to get our clients’ Criteo credentials or to steal money from anyone by impersonating us. Be aware of the dangers and protect yourself.

Ongoing Phishing/Fraud campaigns

Phishing and fraud attempts impersonating Criteo could target anyone. To protect yourself, we have provided examples of recent malicious attempts below. If you have doubts about the authenticity of a communication from Criteo, please refer to this list.

JANUARY, 2023

Criteo Advertise Investment Marketing

Scammers are trying to steal money by using a fake company labeled “Criteo Advertx Trading”. WhatsApp is one of the channels they use to contact you.

They propose different investment formulas. To invest, money has to first be deposited in a bank account. A refund with a big bonus percentage is promised.

Reminder: Criteo will never ask you to deposit money in order to earn a commission. This is not what our business is about.

 

 

 

 

 

AUGUST, 2022

Financial fraud attempts

Fake domain names that look very similar to ours are used by fraudsters in an attempt to impersonate us.

They target our customers and try to convince them to modify their Criteo account payment settings to point to their own bank account.

Examples of such fake domain names :

criiteo.com
criteeo.com
criteogroup.com
it-criteo.com

Customers receive an email from an apparently real employee of Criteo whose email address looks legitimate but actually isn’t (xxx@criiteo.com instead of xxx@criteo.com for example). That (fake) person may ask for a payment/email modification or access to sensitive information.

The differences between fake domain names and ours are sometimes subtle. Our advice is to pay extra attention to domain names and links inside all emails.

 

MAY, 2022

Fake login pages

Fraudsters have registered several domain names to impersonate Criteo. They used these domains to host fake login pages with a design similar to ours and sometimes with the exact same content. The fraudsters will then proceed to steal the credentials from unsuspecting customers trying to connect to their Criteo accounts.

The only official URLs to sign-in to your account are : account.criteo.com and login.criteo.com

 


https://www.criteo.com/wp-content/uploads/2023/07/FLP-e1687881458502.png
 

JANUARY, 2022

Fake recruiting campaign

Fraudulent domains that resemble our official Criteo domain were registered and have been used in a fake recruiting campaign.

The fraudsters are misleading victims into believing they will earn money through commissions obtained as a Criteo agent.

The fraudsters request that several deposits be made along the way to “activate a data creation process” and complete the operation. This is a scam, Criteo will never ask you to deposit money in order to earn a commission.

 

 

 

Report a phishing attempt

To report a phishing (email, WhatsApp, SMS…) attempt, please send the example to security@criteo.com. You can do so by forwarding us the example as an attachment, or by dragging and dropping it in the mailbox window.

Why report a phishing attempt?

  • You’re helping us fight scams targeting Criteo customers​
  • You’re helping yourself by reducing the number of similar messages you may receive in the future

What happens after your submission?

  • Our security team will analyze your report ​
  • If relevant, we will take measures to stop the phishing campaign (takedown notices, blocking the spammers)