Warning: Facebook ‘Aldi meat box’ scam steals your payment info – here’s how to stay safe

A new phishing scam is making the rounds on Facebook, targeting anyone looking for a deal on groceries. According to a report published by Security Boulevard on May 19, 2026, scammers are running fake ads that promise steep discounts on Aldi meat box bundles. Clicking the ad leads to a convincing-looking phishing site, where victims are asked to enter their credit card details—only to have that information stolen and used for fraudulent charges.

If you or someone in your family regularly shops for groceries on social media, this is worth understanding. The scam plays on exactly the kind of urgency and discount appeal that works well on platforms like Facebook.

What happened

Security researchers identified a network of fake Facebook pages and advertisements that appear to offer Aldi meat boxes at prices far below retail—typically $20 or $30 for what would normally cost well over $100. The ads often include phrases like “Limited supply” or “Flash sale,” and they link to a website that mimics Aldi’s branding but uses a slightly misspelled URL (for example, “aldi-deals.shop” or something similar).

Once a user lands on the fake site, they are prompted to select a meat box and then enter their name, address, email, and payment card information to complete the purchase. The site processes the payment in appearance, but no actual product is ever shipped. Instead, the victim’s card details are captured by the scammers, who can then use them for unauthorized transactions or sell them on the dark web.

As of May 2026, the scam is actively circulating. Security Boulevard’s report notes that multiple victims have reported unauthorized charges to their banks after submitting their information.

Why it matters

This scam is effective for a few reasons. First, grocery discounts are a sensitive topic—many households are looking to save money, especially with food prices still high. Second, the fake site looks professional at first glance, and the scam uses Facebook’s ad platform to reach a large audience quickly. Third, because the transaction appears to go through normally, victims may not realize their data was stolen until they see unfamiliar charges days later.

Beyond the immediate financial loss, there is also a risk of identity theft. The scammers collect full names, home addresses, and email addresses in addition to payment data. That combination can be used for further phishing attempts or account takeovers.

The wider lesson here is that even well-known brands like Aldi can be impersonated on social media. No platform—Facebook included—catches every fraudulent ad before it goes live. Relying on a brand’s official page or website is always safer than clicking an ad in your feed.

What readers can do

If you come across an ad or post offering Aldi meat boxes at an unusually low price, here are practical steps to avoid the scam:

  1. Check the URL before entering any information. Official Aldi websites use domains like aldi.us or aldi.co.uk, not third-party subdomains or misspelled variants. If the domain looks off, close the page.

  2. Look for red flags in the ad itself. Poor grammar, generic images, and an urgent “only a few left” message are common in scams. Also check the Facebook page that posted the ad. Scam pages are often newly created and have few followers or suspicious content.

  3. Navigate directly to the official website. Instead of clicking an ad, open a browser and go to aldi.com or your local Aldi site. If the deal is legitimate, it will be advertised there too.

  4. Use a credit card or virtual payment method. Credit cards typically offer better fraud protection than debit cards. Some banks and card issuers allow you to generate a one-time virtual card number for online purchases, which limits the risk.

If you already entered your payment info

Act quickly. Call your bank or card issuer immediately and tell them you may have given your card details to a phishing site. They can freeze the card, issue a replacement, and dispute any unauthorized charges. Also change the password on your email account and any other account where you may have used the same password. Consider placing a fraud alert on your credit file if the site collected your Social Security number or other sensitive data.

Finally, report the ad to Facebook by clicking the three dots in the top right of the post and selecting “Report ad.” This helps reduce the chance that others will see it.

Prevention going forward

Enable two-factor authentication on your payment accounts and email. Use a separate email address for online shopping so that if it gets leaked, your primary account is not directly exposed. And make it a habit to avoid clicking ads on social media entirely—bookmark the official sites you shop from and visit them directly.

Staying safe online often comes down to pausing for a moment before entering sensitive information. If a deal seems too good to be true, it probably is. Share this warning with friends and family, especially those who may not follow cybersecurity news closely.

Sources

  • Security Boulevard, “Facebook scam promises cheap Aldi meat boxes, steals payment info instead,” May 19, 2026. Link