A new Adidas phishing scam has been detected that offers free shoes and money. The messages claim that Adidas is celebrating its 69th anniversary and is giving 2,500 lucky customers a free pair of Adidas sneakers and a free $50 a month subscription.

The scam is targeting users on mobile devices in specific locations. If the user clicks the link in the message and is determined not to be using a mobile device, they will be directed to a webpage that displays a 404 error. The scam will also only run if the user is in the United States, Pakistan, India, Norway, Sweden, Nigeria, Kenya, Macau, Belgium or the Netherlands.

Provided the user is on a mobile device and located in one of the targeted countries, a series of four questions will be asked. The responses to the questions are irrelevant as all users will be offered a “free” pair of sneakers after answering the four questions.

In order to be able to claim the prize, users must share the offer with their contacts on WhatsApp. Regardless of whether the user does this, they will be directed to another webpage where they are asked further questions and are finally offered a “free” pair of sneakers worth $199.

There is another catch. In order to claim their free sneakers, the user must pay $1. The user is advised that they will also be charged $49.99 a month for the subscription at the end of the month if they do not cancel. The user is told they can cancel at any point.

On the payment screen the user is told that the payment will be processed by organizejobs.net. Proceeding with the payment will see the user charged $1, followed by the subscription cost of $49.99 in 7 days.

The campaign is being run on WhatsApp, although similar scams have been conducted via email and SMS messages. Several variations along the same theme have also been identified using different shoe manufacturers.

The link supplied in the WhatsApp message appears to be genuine, using the official domain for the country in which the user is located. While the domain looks correct, this is an example of a homoglyph attack: instead of the genuine adidas.de, the domain has the i replaced with a vertical line.

These types of scams are commonplace. Homoglyph scams take advantage of the ability to use non-ASCII characters in domain names. Similar scams use a technique called typosquatting, where domains closely matching real brand names are registered, for instance with incorrect spellings such as “Addidas” instead of Adidas, or with an i replaced with a 1 or an L.
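As an added example (not part of the original article), this is one way a mail or messaging gateway could flag the look-alike domains described above. The brand list, the small confusables map, the dotless-i sample URL and the rule that the second-to-last label is the registered name are assumptions made for the example.

```python
import unicodedata
from urllib.parse import urlsplit

BRANDS = {"adidas"}  # assumption: registered names the defender protects
# Constructed, deliberately small map of non-ASCII look-alikes; a production
# check would load the full Unicode confusables data instead.
FOLD = {"\u0131": "i", "\u0456": "i", "\u0430": "a", "\u0501": "d", "\u0455": "s"}

def decode_label(label):
    """Return the Unicode form of a DNS label, decoding xn-- punycode."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            pass  # malformed punycode: compare the raw label instead
    return label

def skeleton(label):
    """Fold accents and look-alike characters to a plain ASCII form."""
    nfkd = unicodedata.normalize("NFKD", label.lower())
    base = "".join(c for c in nfkd if not unicodedata.combining(c))
    return "".join(FOLD.get(c, c) for c in base)

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'exact', 'homoglyph', 'typosquat' or 'unrelated' for a URL."""
    labels = (urlsplit(url).hostname or "").split(".")
    if len(labels) < 2:
        return "unrelated"
    name = decode_label(labels[-2])  # assumption: single-label TLD (.de, .com)
    for brand in BRANDS:
        if name == brand:
            return "exact"  # name matches; says nothing about the TLD
        if skeleton(name) == brand:
            return "homoglyph"
        if edit_distance(skeleton(name), brand) == 1:
            return "typosquat"
    return "unrelated"

if __name__ == "__main__":  # constructed sample URLs
    for u in ("https://www.adidas.de/", "https://www.ad\u0131das.de/x", "http://addidas.com/"):
        print(u, classify(u))
```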

In this case, the attackers appear to be earning a commission for getting users to sign up, although disclosing debit and credit card details could easily see the information used to run up huge bills or drain bank accounts.

There are various warning signs indicating this is an Adidas phishing scam. Close scrutiny of the domain will reveal it is incorrect. The need to share the message with contacts is atypical, as are being notified of a charge after being told the shoes are free, the failure to ask the user to choose a pair of shoes or even select their size, and the use of an odd domain name to process payment. However, even with these tell-tale signs that the offer is not genuine, this Adidas phishing scam is likely to fool many people.

Be warned. If you receive any unsolicited WhatsApp message offering you free goods, assume it is a scam.