Coffee Bean's “Spread The Froth” Promo: Password Phishing?
Have you received an email from Coffee Bean and Tea Leaf (CBTL) that looks like a phishing scam? I received an email from firstname.lastname@example.org today saying that I may claim free coffee from any Coffee Bean and Tea Leaf branch once I register. The email contained a jpeg file, which I screencapped and posted below. However, as I started to register, the next page was asking for my email address – and, gasp, my email password. Is the promo from the Coffee Bean and Tea Leaf just another malicious phishing attempt?
I checked the email address that sent the message and it seemed legit, because it came from coffeebean.com.ph. I clicked on the link and I was immediately led to this website:
I started to register and found it weird that it was asking for my birthday. As I was done filling in the fields with my answers, I was led to the next page. Now, that was the page that I found even weirder:
As you can see, this promo from Coffee Bean and Tea Leaf called “Spread the Froth” is asking for both my email address and my email password! Apparently, the program wanted to import all my email contacts so that I can give them free coffee, too. However, I never share my email password anywhere – I don’t care if it’s for a free cup of coffee or a free car.
I immediately hit the brakes on my registration. However, I did see an option where you can manually input email addresses. I then opted for that. After I entered four email addresses, my registration was complete and I received a confirmation email with a coupon for free coffee:
Perhaps this promo is legit. However, I give it a thumbs down because it asks for private information that not even your bank will ever ask for. Email passwords should never be requested, even when registration is necessary. Having to enter your email password should never have been an option for this promo.
UPDATE: Coffee Bean and Tea Leaf has replied to my email with an OFFICIAL STATEMENT regarding the status of Spread The Froth and the email password phishing issue! Click HERE to read the update.