Messages that seem official promise Fidaty rewards and encourage you to click on fake links: behind them lies a trap that combines spoofing and data theft. Here’s how to recognize it and defend yourself.
An SMS, a few seconds of reading and the promise of an attractive prize: “21,980 accumulated points” on the Esselunga Fidaty Card ready to be redeemed. This is how many users are falling for the new online scam that uses the name of the supermarket chain to steal personal data and money. As always, the mechanism is built on urgency and credibility, and it is circulating rapidly throughout Italy.
The Esselunga points scam: the “21,980 points” deception
It all starts with an SMS (in some cases an email) which presents itself in all respects as an official communication from Esselunga. It has a formal tone, plausible graphics and a points figure that appears realistic but at the same time very tempting. “Dear Customer, the 21,980 points accumulated on your Fidaty Card are about to expire”. Here lies the scam. Almost 22 thousand Fidaty points can be equivalent to 200-300 euros in prizes, including household appliances, entrances to amusement parks, wellness experiences or products. It is a haul that encourages you not to “miss the opportunity”. Then comes the urgency. The message invites you to redeem the points immediately via a link, implying that time is limited. By clicking on that link, however, you do not access the official Esselunga website, but a counterfeit copy built to deceive even the most attentive users.
Phishing and spoofing: the Esselunga points scam that empties the account
It’s a classic case of phishing, made more sophisticated by the use of spoofing. The sender of the message may in fact appear as “Esselunga”, making the communication even more credible. Once the link is opened, the user is faced with a page that replicates the logos, colors and structure of the original site. Here you are asked to enter personal data: name, surname, email, telephone number and, above all, banking information. How is the request justified? For “shipping costs” to receive the prize. In other cases, you are also asked to enter security codes received via SMS or login credentials, allowing criminals to complete fraudulent transactions in real time. Result? Unauthorized debits, online purchases and, in the worst cases, direct access to current accounts.
Esselunga points scam: the signs to recognize and what to do if you clicked on the link
How do you defend yourself and avoid falling into the trap? The first element you should always check is the link. The official website uses exclusively the domain “esselunga.it”: any variation, even minimal, is a warning sign. Fake domains often have small changes that are difficult to notice at a glance, or unusual extensions. In some cases, browsers themselves report the risk, warning that the site could be dangerous.
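The domain check described above can be automated, for instance in a script that screens links extracted from incoming messages. The Python code below is an added example, not part of the original article; the function names, the look-alike heuristics (accent stripping, an edit distance of 2) and the sample links are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

OFFICIAL = "esselunga.it"   # the only official domain, as stated in the article
BRAND = OFFICIAL.split(".")[0]

def edit_distance(a, b):
    """Levenshtein distance, to catch near-miss spellings of the brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(label):
    """Decode a punycode label and strip accents ('esselungà' -> 'esselunga')."""
    if label.startswith("xn--"):
        try:
            label = label.encode("ascii").decode("idna")
        except UnicodeError:
            pass  # undecodable label: compare it as-is
    decomposed = unicodedata.normalize("NFKD", label)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def classify_link(url):
    """Return 'official', 'lookalike' or 'other' for a link taken from a message."""
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    # Official only if the host is the domain itself or one of its subdomains.
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    # Brand text in any other host, or placed before an '@', is imitation.
    candidates = host.split(".") + [(parts.username or "").lower()]
    for label in candidates:
        for token in skeleton(label).split("-"):
            if BRAND in token or edit_distance(token, BRAND) <= 2:
                return "lookalike"
    return "other"

if __name__ == "__main__":
    # Constructed sample links (reserved .example names), not taken from real messages.
    for link in ("https://www.esselunga.it/", "https://esse1unga.example/premi",
                 "https://esselunga.it.premi.example/", "https://esselunga.it@login.example/"):
        print(f"{classify_link(link):10} {link}")
```

Only an exact match on the official domain or one of its subdomains counts as genuine; a host that merely contains the brand name is treated as an imitation.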
The second clue concerns the text of the message. Although it is almost always well written, errors or typos may appear. An example? You can read “vantaagi” instead of “vantaggi” (“advantages”). And then pay attention to the tone: insisting on urgency and the need to act immediately is a typical phishing technique. If you receive the message, in addition to prevention, it’s a good idea to check your points balance or any prizes immediately by accessing the official website directly, typing the address into the browser or using the official app. In case of doubt, contact customer service directly. And always remember that no reliable company asks for bank details via links sent by SMS to redeem rewards.
What if you fall into the trap and click on the link? If you have not entered any data, simply close the page. However, if you have entered sensitive data, you need to act immediately: contact your bank, block your card, change your passwords and activate two-factor authentication. And it is always advisable to report the incident to the authorities, to help limit the spread of the scam.




