The company has already warned that there is a phishing campaign that pretends to be them. Whether you are a regular Starbucks customer or not, we will tell you what it consists of so that you do not fall for it.
Starbucks is a popular coffee chain that also has a large audience in Spain, and also has its own mobile app with which you can earn points with every purchase and get free drinks. It is probably because of this notable presence in the country that some hacker or cybercriminal group has decided to launch a phishing campaign impersonating Starbucks via email. The chain itself has warned about this scam on its official X account.
«Some people are receiving emails from a company posing as Starbucks, saying they have won a ‘Coffee Lovers Box Set’ [Caja para amantes del café] “free of charge,” Starbucks Spain has warned on the social network. In this email, they try to trick the user by telling them that, for being a customer of the chain, they have won a supposed box with Starbucks products, which would consist of a coffee maker, portable cups, capsules and coffee bags.
The email reads: “You have been chosen to participate in our free loyalty program! It will only take a minute to receive this fantastic prize.” Paying attention to the email, we noticed all the clear signs of a fraudulent email: spelling mistakes, inconsistencies in the language (some texts appear in English and others in Spanish), low-resolution images and links to websites that do not correspond to the official Starbucks website in Spain.
The user is asked to click on a link to complete a questionnaire about their experience with the brand, in order to then win the prize. But no, we are not going to win any box of products. Starbucks makes it clear: “This promotion is fraudulent and unrelated to Starbucks. Please do not provide personal or bank details. Thank you!” they said on September 4.
Signs that reveal scammers
INCIBE has already commented several times on what signs we can recognize in the emails we receive to know if they are real or not. The characteristics that usually reveal phishing attempts are the following:
Not having a legal terms section (all online contests have one), HTTP links instead of HTTPS, spelling and grammar mistakes, or poor quality or AI-generated images. Also, if we are told about a contest or raffle, we should check this against the official social media profiles or the company’s website. Avoid clicking on links if you suspect the sender, and be wary of messages telling you that you have won something. What seems too good to be true often isn’t.
Since Starbucks already has an official app, it’s likely that if they were to run campaigns like this, they would run them through the app, where users can sign up to accumulate rewards.