Facebook Scam Uses Fake Aldi Meat-Box Offer to Steal Cards

A Facebook post claimed Aldi was offering meat boxes for under $10 to people over 40 and included a link in the comments that redirected users to a counterfeit Aldi-style site that collected personal information and payment details, Malwarebytes’ Scam Guard reported.

The post used an anecdote that began, “My son works at Aldi and told me about something almost nobody knows,” and urged readers to fill out a short form. The link was posted as the first comment and shortened with cutt[.]ly, a technique used to bypass some automated detections.

Clicking the shortened link triggered a series of redirects. An initial page loaded JavaScript that fingerprinted the tester’s device before sending visitors to gifts-survey[.]life, a site that copied Aldi’s design and displayed urgency messages such as “only 1 spot left” and “you only have 2 minutes to complete the survey.” The site presented a brief survey, offered a choice of prize boxes and then forwarded users to a payment page on hyperbargainsflow[.]shop.

The payment page requested full name, phone number, home address and card details to cover a stated delivery fee, and offered an optional upsell for faster shipping. The scam pages displayed more than 1,000 five-star ratings that appear to be fake and attempted to auto-complete and auto-submit forms when fields were detected as pre-populated. Malwarebytes reported that it blocked connections to gifts-survey[.]life during its investigation.

Researchers identified similar campaigns using supermarket branding in other countries, including operations targeting Woolworths customers in South Africa and Australia and Aldi-branded scams appearing in multiple markets.

Malwarebytes recommended checking the browser address bar to confirm a legitimate domain before entering payment information, avoiding links that arrive from random social posts and treating offers that claim insider knowledge or restrict eligibility by age with suspicion. The company advised contacting a bank immediately and monitoring account statements if card details were entered on a site reached via a social post. The report also noted that up-to-date anti-malware software with web protection can block known scam domains and reduce the risk of device fingerprinting and redirects.

Facebook users who encounter similar posts can report them by opening the post’s three-dot menu and selecting Report post > Scam, fraud or false information. Security researchers say reporting and avoiding suspicious links on social platforms can limit the spread of such schemes.