M&S CEO Steve Rowe impersonated by hackers in voucher scam

Marks & Spencer shoppers are being targeted by hackers posing as the company’s chief executive Steve Rowe.

M&S says it is “investigating” fraudulent adverts which were shared widely across Facebook offering a £35 gift voucher in exchange for their personal and financial details.

The adverts, first discovered by Parliament Street’s cyber research team, feature a photo of a man (who is not Steve Rowe), with text encouraging them to share and comment on the post.

“Hello everyone, my name is Steve Rowe and I am the CEO of Marks and Spencer!”, the advert reads.

“I’ve an announcement to make – To celebrate our 135th Anniversary, we are giving EVERYONE who shares & then comments by 11.59pm tonight one of these mystery bags containing a £35 M&S voucher plus goodies!”

Users are then encouraged to follow a URL which takes them to a M&S branded page and asks them for their name, address, phone number, bank account number and sort code.

While the number of people who may have fallen victim to the scam are unknown, around 150 people have reported it so far, while the retailer says it has “been made aware” and its colleagues are “investigating further”.

READ MORE: 471 fake COVID-19 shops shut down as “despicable” scammers capitalise on pandemic

“It is unsurprising to see the CEO impersonated, as from our analysis CEOs are currently the most targeted candidates for impersonation in these ‘project-related’ impersonation attacks and this is likely to remain so,” head of threat intelligence analysis at Mimecast Phil Hay said.

“Our research has shown that 36.4 % of IT professionals surveyed in the UK say their organisation’s CEO is the most targeted exec within their organisation.

“Additionally, variations or further development of this type of tactic is also likely to include impersonation of other key and senior personnel within organisations, in an attempt to induce compliance with the instructions given. The public must be aware of these attacks and do their due diligence before entering personal information.”

Click here to sign up to Charged‘s free daily email newsletter

SecuritySocial Media


1 Comment. Leave new

  • Chris Harding
    October 23, 2020 9:17 am

    I’ve seen this post doing the rounds too. These scammers really do need to try harder… Church hall, free stuff for nothing. Really. Well, perhaps they don’t with the number of shares its got. C’mon people, its not rocket science. Does it seem likely? Does it seem too good to be true? Has it been shared by an official channel/page? All basic question people should ask themselves.


Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.