Issue 112 - March 2011 - Page 8
UK Post Office Online Reward Program Phishing Scam
Email purporting to be from Post Office United Kingdom claims that the recipient has received a cash reward via the Post Office United Kingdom Online Reward program. The recipient is instructed to follow a link in the message and enter his or her "bonus code" on a website form in order to claim the reward.
The email is not from the UK Post Office and the claim that the recipient is eligible to receive a cash reward is untrue. The email is a phishing scam designed to steal personal and financial information from recipients via a bogus website.
Detailed analysis and references below example.
Last updated: 15th February 2011
First published: 15th February 2011
Article written by Brett M. Christensen
Subject: E-mail Bonus #152040
Greetings from Post Office United Kingdom
Welcome to the Post Office United Kingdom Online Reward program,
the first and largest loyalty program in the world!
We are proud to inform you that today, The UK Post Office rewarded you.
Please take the 4 steps survey. For your effort you will be rewarded you with £
Your bonus code is P742UK2910
Please track your Bonus Code in to:
and follow the reward steps.
Thank you very much for your help and your patient and hope you will enjoy
the UK Post Office reward program in the future.
UK Post Office Reward Department
According to this email, which claims to be from the United Kingdom Post Office, the recipient has been selected to receive a cash reward as part of the "Post Office United Kingdom Online Reward program". To claim the reward, the recipient is instructed to click a link in the email and enter personal and financial information, along with his or her "bonus code" into a website form.
However, the message is not from the UK Post Office and the promised reward does not exist. Those who fall for the ruse and follow the link will be taken to a fraudulent website designed to steal both their personal information and their credit card details. The link in the email is disguised to resemble a genuine UK Post Office web address. The bogus website includes graphics, formatting and secondary links designed to make it resemble the genuine UK Post Office website.
If a victim clicks on the link in the scam email, he or she will be first asked to provide name, contact and other personal details via a form on the bogus website as shown in the following screenshot:
Once the user has filled in this form and clicked the "Submit" button, he or she will then be taken to a second page that asks him or her to enter the "Bonus Code" included in the scam email:
Next, the victim will be taken to a third page that reloads the personal information submitted in the first form but also requests credit card details including the user's credit card account password:
After the "Submit" button on the final form is clicked, the bogus website will display a brief "Thank-you" message before redirecting the user to the genuine UK Post Office website. Because the scam sequence eventually takes the victim to the genuine post office website, he or she may not initially realize that skulduggery is afoot. Meanwhile, all information submitted on the bogus website will be sent to Internet criminals who can use it to commit credit card fraud and identity theft.
One quick giveaway that the bogus website is not what it claims to be is the fact that the form asking for personal and financial details is not on a secure (https) server. No legitimate organization would ever ask for such sensitive information via an unsecure webpage.
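Both giveaways described above, the link whose visible address differs from its real destination and the sensitive form served without https, can be checked mechanically. The following Python sketch is an added example, not part of the original article; the `.example` hosts, the field-name hints and the sample HTML are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

SENSITIVE = ("card", "cvv", "password", "expiry")  # assumed field-name hints
HOST = re.compile(r"(?:https?://)?(?:www\.)?((?:[\w-]+\.)+[a-z]{2,})", re.I)
# Constructed samples; hosts and field names are placeholders, not from the article.
EMAIL = '<a href="http://rewards.badhost.example/uk/">www.postoffice.example/rewards</a>'
PAGE = '<form action="step3.php"><input name="fullname"><input name="card_number"></form>'

class Scan(HTMLParser):
    """Collect (visible text, href) per link and (action, input names) per form."""
    def __init__(self, html):
        super().__init__()
        self.links, self.forms, self._a, self._form = [], [], None, None
        self.feed(html)
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._a = [attrs.get("href") or "", ""]
        elif tag == "form":
            self._form = (attrs.get("action") or "", [])
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None:
            self._form[1].append((attrs.get("name") or "").lower())
    def handle_data(self, data):
        if self._a is not None:
            self._a[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._a is not None:
            self.links.append((self._a[1].strip(), self._a[0]))
            self._a = None
        elif tag == "form":
            self._form = None

def disguised_links(email_html):
    """Yield links whose visible text shows one host while the href goes to another."""
    for text, href in Scan(email_html).links:
        shown, real = HOST.match(text), HOST.match(urlparse(href).hostname or "")
        if shown and (not real or shown.group(1).lower() != real.group(1)):
            yield text, href

def insecure_forms(page_url, page_html):
    """Yield forms with sensitive inputs served or submitted without https."""
    for action, names in Scan(page_html).forms:
        target = urljoin(page_url, action)
        risky = [n for n in names if any(h in n for h in SENSITIVE)]
        if risky and {urlparse(page_url).scheme, urlparse(target).scheme} != {"https"}:
            yield target, risky
```

A hit from either check is a reason to warn the user or quarantine the message, not proof of fraud, since the field-name matching is only a heuristic.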
This phishing scam is quite similar to a recent spate of survey phishing scams that promise recipients substantial fees for participating in brief online surveys. As in this case, the purpose of these survey scams is to trick people into handing over their credit card details and other personal information. Internet users should be very cautious of any unsolicited email that claims that they can receive a cash payment or reward simply by filling in a short survey or providing their personal information. If you receive such an email, do not follow any links in the message or open any attachment that it may contain. Do not provide any information to the senders of the message either via a website form or by replying to the email.
Difference Between http & https
McDonald's Survey Phishing Scam Email
Coca Cola Survey Phishing Scam