The Sephora Advent Calendar scam has resurfaced ahead of the 2025 holiday season, spreading more aggressively than in previous years. After circulating widely in 2024, the scheme is now propagating through a mix of WhatsApp messages, sponsored Facebook ads, and fraudulent websites targeting consumers across Europe.
Victims report receiving messages advertising a free “Sephora Advent Calendar 2025,” accompanied by convincing images and branding. The link included in the message often appears legitimate at first glance, for example:
https://sephora[.]fr@walinkr.cc/FNQeTPxB/?promo-calendrier-avent-2025.html
Although the URL looks like it points to Sephora’s French site, everything before the “@” symbol is misleading. The actual domain, walinkr[.]cc, is associated with phishing and malware distribution.
How the Scam Operates
This year’s campaign goes beyond fake sponsored ads. It gains additional momentum when users who fall for the initial lure forward the link to their WhatsApp contacts.
Recipients are told they can win a “luxurious Sephora Advent Calendar 2025” by completing a short survey. The website designed to imitate Sephora’s branding asks a few basic questions such as “Have you heard of Sephora?” and “Would you recommend our products?”
Once users finish the questionnaire, they are informed they have “won” a calendar. To claim it, they must share the promotional link with all their WhatsApp contacts, effectively turning them into unwitting distributors of the scam.
After the link is forwarded, victims are redirected to fraudulent checkout pages or subscription traps requesting personal information or payment details. These can later be used for identity theft or unauthorized charges.
According to data from Bitdefender Labs, the campaign is active in multiple countries, including France, Romania, Italy, Spain, Poland, Portugal, Canada, the United Kingdom, Belgium, and Germany.
Fake Ads Widen the Scam’s Reach
Fraudulent ads circulating on social media mimic legitimate promotions, often using casual, friendly language such as:
“My sister works at a beauty store and told me about a secret offer before Christmas…”
These ads frequently feature stolen product photos, fabricated testimonials, and localized pricing such as €1.99, 35 lei, or £10 to appear credible. Many are framed as “limited-time offers” linked to Black Friday or leftover stock from previous Advent Calendar campaigns.
Sephora Issues Public Warning
Following a surge in user reports, Sephora Romania issued a public notice stating that the company is not running any Advent Calendar giveaway, raffle, or promotion.
“We do not organize any contest, giveaway, or event offering an Advent Calendar. Please do not provide your contact details, card information, or other personal data,” the company said.
Sephora emphasized that its official communications are limited to its verified websites (such as sephora.ro, sephora.fr, and sephora.es) and its authenticated Instagram, Facebook, and TikTok accounts.
Source: Bitdefender
