Lowe’s fake winning page detected

This screenshot shows a lottery or prize scam impersonating Lowe’s, a major home improvement retailer. The message claims the victim has won a prize and includes a fake customer number. The scam typically demands a small “delivery fee” to release the prize – which is never actually delivered.


Threat Analysis: Lowe’s Prize Scam – Advance Fee Fraud

How it works:
The victim receives an unsolicited email, SMS, or social media message claiming they have won a prize (often a gift card, appliance, or cash) from Lowe’s. A “customer number” is provided to make the notification appear legitimate. The message mentions that a delivery fee may apply. If the victim responds or clicks a link, they will be asked to pay a small fee (e.g., $5–$20) to “cover shipping” or “processing” before receiving the prize. After the fee is paid, the victim never receives the promised prize – and their payment information may be stolen.

The goal:
The attacker aims to:

  • Trick the victim into sending money (advance fee fraud)
  • Collect credit card or bank account details if the victim pays online
  • Gather personal information (name, address, phone) for identity theft or further scams

Red flags to watch for:

  • Unsolicited win notification: Legitimate sweepstakes do not notify winners via random text messages or social media DMs without prior entry.
  • Request for upfront payment: A real prize never requires a delivery or processing fee to be paid by the winner. The sponsor covers these costs.
  • Fake customer number: The provided number (#4864370221) is generic and cannot be verified with any legitimate Lowe’s promotion.
  • Vague prize description: The message does not specify what the winner has actually won – only that they are a “winner.”
  • Poor formatting and grammar: Official Lowe’s communications are professionally written; this message uses generic capitalization and lacks official branding.

What to do if you encounter this:

  • Do not reply, click any links, or call any phone number provided.
  • Do not pay any “delivery fee” or share personal / financial information.
  • If you are unsure whether a Lowe’s promotion is legitimate, contact Lowe’s directly through their official website (lowes.com) – never use contact details from the suspicious message.
  • Report the scam to the Federal Trade Commission (FTC) or your local consumer protection agency.

Why this scam is effective:
The promise of a free prize excites victims, and a small delivery fee seems reasonable. Many people are familiar with Lowe’s and trust the brand. The fake customer number adds a veneer of authenticity. Scammers rely on urgency and the fear of missing out to bypass critical thinking.

Protective measures:

  • Remember: you cannot win a prize you did not enter. If you never signed up for a Lowe’s sweepstakes, ignore any win notification.
  • Never pay money to receive a prize. Legitimate contests cover all costs.
  • Delete unsolicited win messages without responding.
  • Check the sender’s address – official Lowe’s emails come from @lowes.com, not random domains.

BancoFie phishing page detected

This screenshot shows a phishing page impersonating Banco Fie, a Bolivian bank. The page mimics the bank’s “Fienet” online banking login interface to steal customers’ USUARIO (username) and Contraseña (password).


Threat Analysis: Banco Fie Phishing – Fake “Fienet” Login Page

How it works:
The victim receives a phishing email, SMS, or other message claiming a security alert, account issue, or the need to verify their information. The link leads to this fake Banco Fie login page. The victim is asked to enter their username and password and click “Continuar.” The credentials are captured and sent to the attacker.

The goal:
The attacker aims to steal online banking credentials to access the victim’s real account, view balances, transfer funds, and commit fraud.

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not bancofie.com.bz or the official Banco Fie domain. Always check the address bar.
  • Unsolicited login request: Banco Fie does not send links requiring customers to log in to resolve account issues. Customers should always access online banking by typing the official URL directly.
  • Fake security badges: The “secure,” “GlobalSign,” and “GMO” icons are copied from legitimate sites but do not guarantee safety – they are just images on a fake page.
  • No personalization or security image: Legitimate Banco Fie login pages often display a security phrase or image after username entry. This page lacks that.
  • Copied contact information: The footer includes a real customer service phone number and website, but attackers copy these to appear legitimate. Their presence does not make the page safe.

What to do if you encounter this:

  • Do not enter your username or password.
  • If you are a Banco Fie customer, always access Fienet by typing bancofie.com.bz directly into your browser.
  • If you have already entered your credentials, contact Banco Fie immediately through their official customer service hotline to change your password and secure your account.
  • Report the phishing page to Banco Fie’s fraud department.

Protective measures:

  • Bookmark the official Banco Fie login page and use that bookmark exclusively.
  • Use a password manager – it will autofill only on legitimate domains.
  • Enable two‑factor authentication on your bank account if available.
  • Be suspicious of any unsolicited message that creates urgency and asks you to log in.

Bank of America phishing page in Spanish revealed

This screenshot shows a phishing page impersonating Bank of America, targeting Spanish‑speaking customers. The page mimics the bank’s online login interface to steal online banking credentials (Identificación en línea and Contraseña).


Threat Analysis: Bank of America Phishing – Fake Spanish‑Language Login Page

How it works:
The victim receives a phishing email, SMS, or other message claiming a security alert, account issue, or the need to verify their information. The link leads to this fake login page. The victim is asked to enter their online ID and password and click “Entrar.” The credentials are captured and sent to the attacker.

The goal:
The attacker aims to steal online banking credentials to access the victim’s real Bank of America account, view balances, transfer funds, and commit fraud.

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not bankofamerica.com. Legitimate Bank of America login pages are only on official bank domains.
  • Unsolicited login request: Bank of America does not send links requiring customers to log in to resolve account issues.
  • Outdated copyright: The footer shows “© 2021” – a phishing page often copies an old year. The real site would show the current year.
  • No personalization or security image: Legitimate Bank of America login pages display a security image or phrase after you enter your online ID. This page lacks that feature.
  • Copied content: The page uses real Bank of America branding and slogans (“Área protegida,” “Miembro de FDIC”), but these are copied from the legitimate site and do not guarantee safety.

What to do if you encounter this:

  • Do not enter your online ID or password.
  • If you are a Bank of America customer, always access online banking by typing bankofamerica.com directly into your browser.
  • If you have already entered your credentials, contact Bank of America immediately to change your password and secure your account.
  • Report the phishing page to Bank of America’s fraud team (e.g., [email protected]).

Protective measures:

  • Bookmark the official Bank of America login page and use that bookmark.
  • Use a password manager – it will autofill only on legitimate bankofamerica.com domains.
  • Enable two‑factor authentication on your bank account.
  • Be suspicious of any unsolicited message that asks you to log in.

Preparation for Crédit Agricole bank phishing attack revealed

This screenshot shows a phishing email or landing page impersonating Crédit Agricole, a major French bank. The message uses the legitimate “SécuriPass” security feature and the European PSD2 directive as a pretext to pressure victims into clicking a malicious activation button.


Threat Analysis: Crédit Agricole Phishing – Fake “SécuriPass Activation” Scam

How it works:
The victim receives an unsolicited email (or lands on this page via a link) claiming that due to the PSD2 directive, strong authentication is required every 90 days. The message urges the victim to click a button to activate “SécuriPass” and warns that ignoring the activation will release the bank from liability for any account damage.

Clicking the button leads to a fake Crédit Agricole login page designed to steal the victim’s online banking credentials and potentially two‑factor authentication codes.

The goal:
The attacker aims to capture the victim’s Crédit Agricole login credentials to access the account, transfer funds, and commit fraud.

Red flags to watch for:

  • Suspicious URL: The link behind the button leads to a domain that is not credit-agricole.fr. Legitimate bank communications use official domains.
  • Threat of consequences: The warning that the bank “will not be responsible for damages” is a classic fear tactic to pressure victims into clicking without thinking.
  • Unsolicited activation request: Crédit Agricole does not send emails or messages requiring customers to click a link to activate SécuriPass. Legitimate activation happens within the app or after logging in.
  • Generic greeting: The message does not address the victim by name or reference a specific account.
  • Misspelling: “NOTIFICATIATION” instead of “Notification” is a minor but telling error.

What to do if you encounter this:

  • Do not click the activation button or any links.
  • Access your Crédit Agricole account by typing credit-agricole.fr directly into your browser or using the official mobile app.
  • If you have already clicked and entered your credentials, contact Crédit Agricole immediately to secure your account.
  • Report the phishing page to Crédit Agricole’s fraud team ([email protected]).

Protective measures:

  • Never click links in unsolicited messages claiming you need to activate security features.
  • Always type your bank’s official website address directly into your browser.
  • Enable SécuriPass through the official app – not via email links.
  • Be suspicious of any message that threatens negative consequences and asks you to click a link.

Virgilio mail phishing page revealed

This screenshot shows a phishing page hosted on Wix, impersonating Virgilio (an Italian email and portal service, part of the Libero / Italiaonline group). The page asks for email address and password to steal login credentials.


Threat Analysis: Virgilio Phishing – Credential Harvesting

How it works:
The victim receives a phishing email, SMS, or message claiming a security alert, account suspension, or the need to verify their information. The link leads to this page, which mimics the Virgilio login interface. The victim is asked to enter their email and password, then click “AVANTI” (Next). The credentials are captured and sent to the attacker.

The goal:
The attacker steals Virgilio account credentials to:

  • Access the victim’s email (searching for sensitive information, password reset links)
  • Compromise other services linked to the same email
  • Send further phishing messages to the victim’s contacts
  • Attempt credential reuse on other platforms

Red flags to watch for:

  • Suspicious URL: The page is hosted on a Wix subdomain (virgiliopostaitali.wixsite.com), not on virgilio.it or any official Virgilio domain. Wix is a free website builder – legitimate email services do not use it for login pages.
  • Visible Wix banner: The blue banner stating “Ce site a été conçu sur la plateforme de création de sites internet Wix.com” is a clear indicator that this is not an official page.
  • Mixed languages: The page uses French for the Wix notice, but Italian for “Virgilio” and “Accedi” (Login) – inconsistent and unprofessional.
  • Minimal design: The page lacks the full branding, security notices, and two‑factor authentication options of the real Virgilio login page.
  • Unsolicited login request: Virgilio does not send links requiring users to log in to resolve account issues.

What to do if you encounter this:

  • Do not enter your email or password.
  • If you are a Virgilio user, always access your email by typing virgilio.it directly into your browser.
  • If you have already entered your credentials, change your password immediately and enable two‑factor authentication if available.
  • Report the phishing page to Virgilio / Italiaonline and to Wix’s abuse team.

Protective measures:

  • Bookmark the official Virgilio login page and use that bookmark.
  • Use a password manager – it will not autofill on fake domains.
  • Never log in via a page hosted on a free website builder (Wix, Weebly, etc.) unless you are absolutely certain it is legitimate (which it almost never is for email services).
  • Enable two‑factor authentication on your email account.

Fake PayPal Gift card detected

This screenshot shows a fake “PayPal Gift Card” giveaway scam, promising a $1000 reward to trick victims into providing personal information or clicking malicious links.


Threat Analysis: PayPal Gift Card Scam – Fake Giveaway / Phishing

How it works:
The victim encounters an ad or link (via social media, email, or pop‑up) claiming that a limited number of people can win a $1000 PayPal gift card. The page displays a fake promo code, a placeholder card image, and a countdown of “remaining spots” to create urgency. The victim is asked to click a button (e.g., “Mobile” or “Desktop”) to claim the prize.

After clicking, the victim may be taken to a survey, asked to provide personal information (name, address, email, phone), or required to pay a small “processing fee” – all while never receiving the promised gift card.

The goal:
The attacker aims to:

  • Collect personal information for identity theft or future scams
  • Trick the victim into paying an upfront fee (advance fee fraud)
  • Lead the victim to a phishing page that steals PayPal credentials
  • Install malware or adware through malicious downloads

Red flags to watch for:

  • Too good to be true: A free $1000 PayPal gift card is highly unlikely. Legitimate giveaways are rare and require entry, not just clicking a link.
  • Fake promo code: The displayed code (“5251 1234 5678 XXXX”) is generic and not a real gift card code.
  • Limited spots / urgency: The claim of “26 spots left” is a classic pressure tactic to make victims act without thinking.
  • Vague company / no contact information: The page does not identify which company is running the promotion.
  • Unsolicited offer: You cannot win a prize you did not enter. Any unsolicited message claiming you have won something is almost always a scam.

What to do if you encounter this:

  • Do not click any buttons or links.
  • Do not provide any personal or financial information.
  • Do not pay any “fee” to claim the prize.
  • If you have already entered information, monitor your accounts for suspicious activity and change any compromised passwords.

Protective measures:

  • Remember: if it sounds too good to be true, it is a scam.
  • Never pay money to receive a prize. Legitimate giveaways cover all costs.
  • Verify promotions directly through the official PayPal website or social media channels – never through a random link.
  • Use ad blockers and avoid clicking on pop‑up ads promising free money or prizes.

Microsoft phishing page detected

This screenshot shows a phishing page impersonating Microsoft, targeting Spanish‑speaking users. The page asks for the victim’s current email address and current password under the pretext of “confirming credentials.” It is hosted on a suspicious free hosting subdomain.


Threat Analysis: Microsoft Phishing – “Confirm Credentials” Scam

How it works:
The victim receives a phishing email, SMS, or message claiming a security alert, account suspension, or the need to verify their information. The link leads to this page, which mimics a Microsoft login interface. The victim is asked to enter their email address and current password, then click “Continuar.” The credentials are captured and sent to the attacker.

The goal:
The attacker steals Microsoft account credentials (email and password) to:

  • Access the victim’s email (Outlook, Hotmail) and other Microsoft services (OneDrive, Office 365)
  • Reset passwords for other accounts linked to that email
  • Send further phishing messages to the victim’s contacts
  • Attempt credential reuse on other platforms

Red flags to watch for:

  • Suspicious URL: The page is hosted on fffgfggggggggg000.hostfree.pw – a free hosting subdomain, not microsoft.com or outlook.com. Legitimate Microsoft login pages are only on official domains.
  • Unprofessional domain name: Random characters and “hostfree.pw” are clear indicators of a throwaway phishing site.
  • “Confirmar credenciales” pretext: Microsoft never asks users to “confirm credentials” via a link. Legitimate security alerts direct users to log in through the official website, not a separate page.
  • Minimal design: The page lacks Microsoft’s full branding, security notices, and two‑factor authentication options.
  • No personalization or security image: Genuine Microsoft login pages display a security image or account selection after entering an email.
  • Unsolicited login request: Microsoft does not send links requiring users to log in to resolve account issues.

What to do if you encounter this:

  • Do not enter your email or password.
  • If you have already entered your credentials, change your Microsoft password immediately and enable two‑factor authentication (2FA).
  • Always access Microsoft services by typing outlook.com or microsoft.com directly into your browser.
  • Report the phishing page to Microsoft (via [email protected] or the built‑in reporting tool).

Protective measures:

  • Bookmark the official Microsoft login page and use that bookmark.
  • Use a password manager – it will autofill only on legitimate microsoft.com or outlook.com domains.
  • Enable two‑factor authentication on your Microsoft account (using an authenticator app or security key).
  • Be suspicious of any unsolicited message that asks you to “confirm” your credentials via a link.

Fake Free PayPal Gift Cards revealed

This phishing campaign lures victims with “Free $750 PayPal Gift Cards” offers spread via social media and pop-ups. It is a classic survey scam designed to harvest personal data and distribute malware. Victims are drawn in by a fake, high-value reward offer and then led through “verification” steps that require entering sensitive information or downloading malicious applications. You can read the full case analysis at antiphishing.biz.

Screenshot #1: The Landing Page (The Hook)

The Trap: Displays a professional-looking “PayPal Gift Card” with high-value amounts. It uses official logos and colors to build trust.

The Psychology: “Free money” triggers an impulsive reaction. The user is asked to click a button to “Claim” or “Win,” which begins the redirection to the malicious forms.

Screenshot #2: The Fake Survey / Verification

The Trap: The site asks simple questions like “How often do you use PayPal?” or “Which brand do you prefer?”

The Intent: This is a “Low-Friction” tactic. By making the user perform small tasks, the scammer builds “investment” and commitment, making the victim more likely to provide sensitive data in the next step.

Screenshot #3: Personal Data Harvesting (Fullz)

The Trap: To “receive the gift card,” the user is asked for their Full Name, Home Address, and Date of Birth.

The Impact: This information is sold on the Dark Web as “Fullz” (full identity profiles). It allows criminals to bypass security questions on other accounts or commit identity theft.

Screenshot #4: The Payment / Shipping Fee Form (The Kill)

The Trap: The final step claims a small “Processing Fee” or “Shipping Charge” ($1.00 – $2.00) is required to send the gift card.

The Impact: This form is a Credit Card Skimmer. Once you enter your Card Number, Expiry, and CVV, the attacker has full access to your funds. The “gift card” never arrives, but the fraudulent charges start immediately.

Here is the detailed breakdown of the Fake PayPal Gift Card scam. This is a classic “Reward Bait” scheme used to harvest financial data and personal information.

💳 Fake “Free PayPal Gift Cards” Scam

Target: Global PayPal users looking for discounts or rewards.
Threat Level: High (Financial Fraud & Identity Theft)

Phishing Method Description

This attack uses Social Engineering by promising a “Free $750 PayPal Gift Card” or similar high-value rewards. These scams are often spread via social media ads, WhatsApp messages, or “reward” websites. The goal is to lead the victim through a series of “verification steps” that eventually steal their credit card data and account credentials.

🛡️ Protection Measures (Safety Rules)

  • 1. The “Too Good to Be True” Rule:
    PayPal (and other major companies) does not give away $500 or $750 gift cards for free via third-party websites or surveys. If the offer seems excessive, it is 100% a scam.
  • 2. Check the Domain (URL):
    Official PayPal offers only exist on paypal.com. Any other domain (e.g., paypal-rewards-2024.net, win-paypal-gift.xyz) is a phishing site.
  • 3. Never Pay to Receive a Prize:
    A legitimate prize or gift card should never require you to provide your credit card’s CVV code or pay a “verification fee.” This is the primary red flag for financial skimming.
  • 4. Official Communication Only:
    Check your official PayPal app or log in directly to paypal.com. If there is a real reward, it will be listed in your Rewards or Offers section inside your secure account.

Facebook phishing page in Arabic revealed

This screenshot shows an Arabic‑language phishing page impersonating Facebook, designed to steal login credentials (email/phone and password). The page is hosted on a suspicious domain and uses a fake registration or login prompt.


Threat Analysis: Facebook Phishing – Credential Harvesting

How it works:
The victim receives a phishing email, SMS, or social media message claiming a security alert, account suspension, or the need to verify their information. The link leads to this page, which mimics the Facebook login interface. The victim is asked to enter their email address or phone number and password, then click a button (likely labeled “login” or “register”). The credentials are captured and sent to the attacker.

The goal:
The attacker steals Facebook account credentials to:

  • Access private messages and personal information
  • Post spam, scams, or malicious links from a trusted account
  • Spread the phishing attack to the victim’s friends
  • Use the same email/password combination to compromise other accounts (if credentials are reused)

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain like نتجاهاص.xyz – a random, non‑Facebook domain. Legitimate Facebook login pages are only on facebook.com.
  • Poor Arabic grammar / typos: The text contains errors and awkward phrasing that would not appear on an official Facebook page.
  • Unsolicited login request: Facebook does not send links requiring users to log in to resolve account issues.
  • Minimal design: The page lacks Facebook’s full branding, security notices, and two‑factor authentication options.
  • No personalization: Genuine Facebook login pages often show a profile image or account selection after entering an email.

What to do if you encounter this:

  • Do not enter your email/phone or password.
  • If you have already entered your credentials, change your Facebook password immediately and enable two‑factor authentication (2FA).
  • Always access Facebook by typing facebook.com directly into your browser.
  • Report the phishing page to Facebook (via the official reporting tools).

Protective measures:

  • Bookmark the official Facebook login page and use that bookmark.
  • Use a password manager – it will autofill only on legitimate facebook.com domains.
  • Enable two‑factor authentication on your Facebook account (using an authenticator app).
  • Be suspicious of any unsolicited message that asks you to log in.
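
The “Suspicious URL” red flag that recurs in the write-ups above can be checked mechanically by comparing a link's real host with the brand's official domains. The sketch below is an added example, not code from the original posts: `check_link`, `under_domain` and the flag names are hypothetical, the hosts are the ones quoted on this page, and the schemes and paths in the samples are constructed.

```python
from urllib.parse import urlsplit

# Free-hosting suffixes named in the write-ups above (not a complete list).
# A brand login page under one of them is not the brand's own site.
FREE_HOSTING_SUFFIXES = ("wixsite.com", "hostfree.pw")


def under_domain(host: str, domain: str) -> bool:
    """True if host is `domain` itself or a subdomain of it.

    The match is label-aligned: a plain endswith("paypal.com") would also
    accept a different registration that merely ends in those letters.
    """
    return host == domain or host.endswith("." + domain)


def check_link(url: str, official_domains: list, brand: str) -> dict:
    """Compare a link's real host with a brand's official domains.

    Returns {"host", "official", "flags"}; the flags say why a host that is
    not official still deserves attention.
    """
    parts = urlsplit(url if "://" in url else "//" + url)
    # .hostname excludes any userinfo and port, and is lowercased.
    host = (parts.hostname or "").rstrip(".")
    flags = []

    labels = host.split(".")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        flags.append("internationalized-host")
        try:
            # Compare in ASCII (punycode) form, as the DNS sees it.
            host = host.encode("idna").decode("ascii")
        except UnicodeError:
            flags.append("invalid-idn")

    official = any(under_domain(host, d.lower()) for d in official_domains)
    if not official:
        if brand.lower() in host:
            flags.append("brand-name-in-unofficial-host")
        if any(under_domain(host, s) for s in FREE_HOSTING_SUFFIXES):
            flags.append("free-hosting-subdomain")
    return {"host": host, "official": official, "flags": flags}


# Hosts quoted in the write-ups; schemes and paths are constructed samples.
SAMPLES = [
    ("https://virgiliopostaitali.wixsite.com/", ["virgilio.it"], "virgilio"),
    ("http://fffgfggggggggg000.hostfree.pw/", ["microsoft.com", "outlook.com"], "microsoft"),
    ("http://win-paypal-gift.xyz/claim", ["paypal.com"], "paypal"),
    ("http://نتجاهاص.xyz/", ["facebook.com"], "facebook"),
    ("https://www.paypal.com/signin", ["paypal.com"], "paypal"),
]

if __name__ == "__main__":
    for url, official, brand in SAMPLES:
        result = check_link(url, official, brand)
        verdict = "official" if result["official"] else "NOT official"
        print(f"{result['host']}: {verdict} {result['flags']}")
```

This exact-domain comparison is also what lets a password manager refuse to autofill on a look-alike page.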

Facebook Messenger phishing page detected
