New Year, New Scams: The ‘Sephora Mystery Box’ Fraud Returns

Note: All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

At the start of 2025, scammers wasted no time in crafting deceptive ads, recycling previous ruses such as the "Sephora Advent Calendar" scam that flooded social media platforms in late 2024.

Beginning with the New Year, scammers have rebranded the ruse into a "Sephora Mystery Box" promotion, targeting users across Meta’s platforms, particularly Facebook.

These fraudulent ads, websites, and surveys have no connection whatsoever to the legitimate Sephora brand. Scammers intentionally mimic reputable brands to mislead consumers, undermining both the company's reputation and its customers' trust.

How the Scam Works

Step 1: The Fake Facebook Ad

The scam begins with a sponsored post or reel on Facebook. Variants of the ad mimic legitimate Sephora promotions and employ emotional language to hook users. Example descriptions include:

• "My sister works at Sephora and told me about this amazing New Year offer—an exclusive loyalty program where you can get a cosmetics box by completing a short survey! I only paid €3 for shipping!"
• "In honor of its 50th anniversary, Sephora is running a special promotion. By filling out a short survey, you can receive a free gift box of luxury cosmetics! Don't delay!"

While the descriptions promise exclusive offers, the accompanying videos tell a completely different story.

The AI-generated voice claims the promotion is part of Sephora's charitable initiative, suggesting the luxury cosmetics boxes are being offered at symbolic prices to support a charity event. This deliberate misalignment between the ad text and video narrative is designed to further confuse and manipulate potential victims, adding a layer of credibility by appealing to users’ emotions.

Moreover, closer inspection of the video reveals another red flag: the pronunciation of the Sephora name is distinctly off, suggesting the audio was generated by AI or created by individuals unfamiliar with the brand. Legitimate promotions from Sephora would never feature such inconsistencies, let alone a mispronunciation of their name.

Step 2: The Fraudulent Website

Clicking the ad redirects users to a fake Sephora-branded website. Screenshots from the site reveal striking similarities to the previous Advent Calendar scam we reported on Dec. 16, 2024, including cloned layouts and imagery.

Below you can see a side-by-side comparison of the two (advent calendar scam on the left and the mystery box scam on the right):

Here’s how the scam further unfolds:

• The Survey: You are asked three basic questions, such as:

• Do you reside in [country of residence]? In our case it was Romania.
• Have you participated in a Sephora promotion in the past 90 days?
• Select your skin type for tailored cosmetic products.

These are the exact three questions the scammers used in the 2024 version of the scam.

• Mini-Game: Users are presented with a game to “guess the contents of the box.” The scam ensures everyone “wins” on their second attempt, creating an illusion of exclusivity, same as the 2024 version.

• Payment Request: Winners are directed to a payment page where they are asked to provide personal details, including:

• Full name
• Address
• Phone number
• Email
• Credit card information

At this stage, scammers extract sensitive data for identity theft or financial fraud.

Unlike the previously known versions of the scam, fraudsters also used fake reviews from supposed customers (e.g., "I can't believe this is real!").

How to Stay Safe

To avoid falling victim to such scams, follow these tips:

1. Verify the Source: Always cross-check offers by visiting Sephora’s official website or app. Sephora regularly posts legitimate promotions on their verified platforms, so if you can’t find the deal there, it’s likely a scam.
2. Be Skeptical of Unrealistic Deals: Offers like “luxury products for €3” are a huge red flag that the promotion is a scam.
3. Inspect the URL: Look for spelling errors or strange domains that differ from Sephora's official website. The link from the promotion began with eu.health
4. Use Security Tools:
   • Bitdefender Link Checker: Validate URLs for authenticity.
   • Bitdefender Scamio: Detect scams in real-time on your browser, platforms like  WhatsApp, Facebook Messenger, web browser or Discord for free!  Don't forget to help others stay safe by sharing the localized versions of Scamio in France, Germany, Spain, Italy, Romania, Australia, and the UK.
5. Report Suspicious Ads: Inform Facebook of fraudulent ads.