A deceptive online campaign is tricking thousands of users into costly subscription scams using fake McDonald’s meal offers on social media, cybersecurity firm Bitdefender has warned. The scam, which began circulating on July 17, has already reached more than 10,000 people across Romania and is now expanding to other countries including Hungary and the Netherlands.
Social Media Ads Promote “Too Good to Be True” Meal Deals
The campaign is centered around Facebook and Instagram ads that promote a “Triple Deal” menu under the fake brand McDelight România. For just 10 Romanian leu (approximately $2), users are promised a combination meal that includes:
- A hamburger, cheeseburger, Big Mac, and chicken burger
- Four portions of fries
- Four Coca-Colas
Once users click the ad, they are prompted to take a brief three-question survey and play a click-style game that supposedly determines whether they “win” the prize. However, Bitdefender notes that every participant is shown as a winner, regardless of their responses.
Hidden Subscription Charges Totaling Over $70 Every Two Weeks
To claim their reward, victims are redirected to a payment form that appears legitimate and is filled with fake customer reviews. In reality, completing the form subscribes the user to a bi-weekly charge of €63.42 (approximately $73).
According to Bitdefender, “Instead of a cheap treat, the people who fall for it find themselves subscribed to a 63.42 EUR bi-weekly charge.”
This information is buried in the fine print, making it difficult for users to realize they are signing up for a recurring payment. The intent is to exploit trust in the McDonald’s brand and create a false sense of urgency.
Multiple Ad Variants Detected Across Meta Platforms
Bitdefender researchers have already identified at least six ad variants on Meta platforms. All carry the McDelight România branding and use similar hooks to lure victims. The fake ads have also begun appearing in other European countries, signaling that the campaign is actively expanding its reach.
The security firm advises that users should never trust promotional sites that request payment details upfront for supposed free offers. Additionally, Meta users are encouraged to report such ads and contact their financial institution immediately if unauthorized charges appear.
Bitdefender’s Warning to the Public
Bitdefender has issued a clear reminder for consumers:
“Remember – no legitimate company will charge €63.42 every two weeks for a ‘free’ meal.”
The company also emphasized the importance of reading the fine print on any promotional offer and avoiding entry of sensitive financial details on suspicious websites.
