The Starbucks Bearista Cup scam is a phishing campaign that impersonates Starbucks and advertises a free Bearista Cup through fake giveaway emails. The messages use Starbucks branding, trending product imagery, and urgent language to push recipients into clicking a promotional image that leads to survey pages and fraudulent checkout forms designed to steal personal and payment information. None of the emails, pages, or offers involved in this campaign are associated with Starbucks.
The Bearista Cup is one of the most discussed Starbucks items of 2025. Its popularity on TikTok, Instagram, and other platforms makes it an attractive target for scammers who rely on recognizable and desirable products to gain trust quickly. Different versions of the phishing email circulate at the same time. Subjects, sender names, message layouts, and redirect URLs vary between messages. The example shown in this article represents one instance of the campaign, but recipients may encounter similar variations that operate in the same manner.
The Scam Email
One observed email in this campaign appears to come from “Starbucks (Bearista Cup)” with the sender address HCPAvvWShL@biffalojp.com. The message instructs the recipient to claim a free Starbucks Bearista Cup before a certain time. The body contains minimal text along with a large promotional image. This image is linked to an IP based redirect:
http://119-235-254-100.medbook.ucsc.edu/sdfqsdfqdfgssdfh.html
These redirect URLs are common in phishing operations. They allow attackers to host temporary landing pages that change frequently and are harder for automated systems to categorize. Once clicked, the victim is immediately forwarded to a fraudulent Starbucks themed survey page.
The Fake Starbucks Survey Page
The redirect leads to a fake survey hosted on onlineexclusivezone.com. A WHOIS Lookup shows the domain was registered in September 2025 through NameCheap. The page borrows Starbucks themed colors and design elements and displays a fabricated date stamp to appear current. It congratulates the visitor and states that they can receive a Starbucks Bearista Cup by answering a short questionnaire.
The survey questions have no functional value. They are meant to prolong engagement and increase the perception of legitimacy. After completing the questions, the victim is automatically forwarded to a checkout page. This transition mimics the structure of legitimate online promotions but serves only to move the user deeper into the fraudulent funnel.
The Fake Checkout Page
The final stage of the scam is a fraudulent checkout form that claims a small fee is required to ship the free Bearista Cup. These pages often use countdown timers, statements like “limited stock,” and fake customer comments to push victims into completing the form quickly. The pages request personal and financial data including:
- Full name
- Email address
- Phone number
- Home address
- City and state
- Postal code
- Payment card details
None of this information is used for shipping. Instead it is collected by the scammers and may be used for unauthorized transactions, identity related fraud, or sold on criminal marketplaces. Many similar giveaway scams result in victims experiencing fraudulent charges shortly after completing the form.
Why This Scam Is Effective
This campaign benefits from several factors that make it more convincing than older phishing attempts:
- Trending product appeal. The Bearista Cup is a high demand item in 2025 and its popularity increases the likelihood of user engagement.
- Brand recognition. Starbucks is a widely trusted company and scammers exploit familiarity to reduce skepticism.
- Minimal message content. Short emails with a single clickable image often bypass spam filters and encourage impulsive clicks.
- Rotating infrastructure. Changing domains, IP based redirects, and multiple survey layouts make the campaign difficult to block.
- Reward psychology. Offering a free trending product creates urgency and excitement, which lowers caution.
These elements produce a convincing environment that encourages victims to proceed without verifying the legitimacy of the promotion.
Domain and Infrastructure Analysis
Domains used in this scam rotate frequently. One of the primary survey domains observed is onlineexclusivezone.com. WHOIS records confirm it was registered in September 2025, uses privacy shielding, and was created specifically for commercial style deployments. These characteristics align with domains often used in short lived phishing schemes. The initial IP based redirect allows attackers to distribute traffic to whichever survey or checkout domain is active at the time.
Because the attackers change domains regularly, users may encounter different URLs throughout the campaign. The infrastructure is designed to be temporary and easily replaced once discovered.
Comparison to Similar Scams
This operation resembles other giveaway scams that impersonate major retailers. A similar campaign used the Starbucks brand by offering a fake Yeti Rambler Tumbler. That report can be found here: Starbucks Yeti Rambler Tumbler Reward Scam. Both campaigns use trending products, fake surveys, and fraudulent checkout pages to harvest personal and financial information.
How to Protect Yourself
To avoid falling victim to the Starbucks Bearista Cup scam, consider the following precautions:
- Do not click links or images in unsolicited promotional emails.
- Verify giveaways directly on the official Starbucks website.
- Check the sender domain. Real Starbucks emails use legitimate Starbucks domains.
- Be cautious of pages that request personal or payment information for free items.
- Use security software that detects phishing pages and suspicious redirects. A trusted option is Malwarebytes.
What to Do If You Entered Information
If you submitted information on one of these fraudulent pages, take immediate action:
- Contact your bank or card issuer and report the fraudulent activity.
- Request a replacement card and monitor your account closely.
- Change passwords for any accounts that may be affected.
- Scan your device for malware and unwanted scripts.
- Watch for additional phishing attempts, which often target previous victims.
How to Report the Scam
Reporting these incidents helps prevent further victimization. You can report this scam to:
- FTC Report Fraud
- IC3 Internet Crime Complaint Center
- Your local consumer protection agency
- Your email provider by marking the message as phishing
For more scam alerts and cybersecurity updates, visit the Botcrawl scams section.
- Mothers and Kids Support Forum Email Scam Promises Fake $2 Million Donation
- OneDrive Email Scam: How It Works, Warning Signs, and How to Stay Protected
- Women and Children Support Foundation Email Scam Promises Fake $1 Million Donation
- Uphold Scam Uses Fake Data Breach Emails to Steal Accounts
- Prime Video Scam Emails Use Fake Payment Alerts to Steal Personal and Financial Information
Related Posts
