A phishing scam from cybercriminals posing as South Africa’s largest online fashion store is doing the rounds — tricking unsuspecting consumers into sharing their payment details.
The scam, which has been shared widely on Twitter, uses SMSes and emails that pretend to be from Superbalist to trick people into entering their card details into a fake website.
Twitter user and YouTuber @NotYetUhuru_ shared screenshots of a scam SMS and the website that it sends users to. The site looks very similar to Superbalist’s own payment page, however the URL shows that it is not the actual Superbalist site.
Rather, users who click on the links within the SMSes and emails are sent to a site called “superbllst”.
The messages attempt to entice recipients into following the link with promotions or claims that they are being refunded. These messages ask users to update their payment details in order to receive the promotion or refund.
Superbalist has noted the issue, warning customers of the scam.
As of Monday morning, the fake domain has been blocked. However, it is possible that scammers will set up a new site to lure customers.
Some have raised questions regarding how the scammers were able to access the contact details of so many Superbalist customers. However, Superbalist has not stated whether there has been a breach of its customer data and the company said that it is investigating the incident.
Note: If you were targeted by the scam and entered your payment details, you need to contact your bank immediately to cancel your card and notify them of the issue.