Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider


Site Navigation










Issue 112 - March 2011 - Page 8

UK Post Office Online Reward Program Phishing Scam

Issue 112 Start Menu

Previous Article            Next Article

Outline
Email purporting to be from Post Office United Kingdom claims that the recipient has received a cash reward via the Post Office United Kingdom Online Reward program. The recipient is instructed to follow a link in the message and enter his or her "bonus code" on a website form in order to claim the reward.



Brief Analysis
The email is not from the UK Post Office and the claim that the recipient is eligible to receive a cash reward is untrue. The email is a phishing scam designed to steal personal and financial information from recipients via a bogus website.

Bookmark and Share
Detailed analysis and references below example.

Enter your email address to subscribe to the Hoax-Slayer Newsletter:




Last updated: 15th February 2011
First published: 15th February 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example
Subject: E-mail Bonus #152040

Greetings from Post Office United Kingdom

Welcome to the Post Office United Kingdom Online Reward program, the first and largest loyalty program in the world!

We are proud to inform you that today, The UK Post Office rewarded you. Please take the 4 steps survey. For your effort you will be rewarded you with

Your bonus code is P742UK2910

Please track your Bonus Code in to:

[Link removed]

and follow the reward steps.

Thank you very much for your help and your patient and hope you will enjoy the UK Post Office reward program in the future.

Sincerely,
Sandra [Removed]

UK Post Office Reward Department




Detailed Analysis
According to this email, which claims to be from the United Kingdom Post Office, the recipient has been selected to receive a cash reward as part of the "Post Office United Kingdom Online Reward program". To claim the reward, the recipient is instructed to click a link in the email and enter personal and financial information, along with his or her "bonus code" into a website form.

However, the message is not from the UK Post Office and the promised reward does not exist. Those who fall for the ruse and follow the link will be taken to a fraudulent website designed to steal both their personal information and their credit card details. The link in the email is disguised to resemble a genuine UK Post Office web address. The bogus website includes graphics, formatting and secondary links designed to make it resemble the genuine UK Post Office website.

If a victim clicks on the link in the scam email, he or she will be first asked to provide name, contact and other personal details via a form on the bogus website as shown in the following screenshot:

UK Post Office Reward Scam 1

Once the user has filled in this form and clicked the "Submit" button, he or she will then be taken to a second page that asks him or her to enter the "Bonus Code" included in the scam email:

UK Post Office Reward Scam 2

Next, the victim will be taken to a third page that reloads the personal information submitted in the first form but also requests credit card details including the user's credit card account password:

UK Post Office Reward Scam 2

After the "Submit" button on the final form is clicked, the bogus website will display a brief "Thank-you" message before redirecting the user to the genuine UK Post Office website. Because the scam sequence eventually takes the victim to the genuine post office website, he or she may not initially realize that skulduggery is afoot. Meanwhile, all information submitted on the bogus website will be sent to Internet criminals who can use it to commit credit card fraud and identity theft.

One quick giveaway that the bogus website is not what it claims to be is the fact that the form asking for personal and financial details is not on a secure (https) server. No legitimate organization would ever ask for such sensitive information via an unsecure webpage.

This phishing scam is quite similar to a recent spate of survey phishing scams that promise recipients substantial fees for participating in brief online surveys. As in this case the purpose of these survey scams is to trick people into handing over their credit card details and other personal information. Internet users should be very cautious of any unsolicited email that claims that they can receive a cash payment or reward simply by filling in a short survey or providing their personal information. If you receive such an email, do not follow any links in the message or open any attachment that it may contain. Do not provide any information to the senders of the message either via a website form or by replying to the email.

Bookmark and Share

References
Difference Between http & https
McDonald's Survey Phishing Scam Email
Coca Cola Survey Phishing Scam




Previous Article            Next Article

Issue 112 Start Menu

Pages in this month's issue:
  1. Money Laundering Scam - Christchurch Earthquake Charity Support Job
  2. False Claim - Viral Video Shows 92 Year Old Ginger Rogers Dancing With Her Great Grandson
  3. Flu Remedy Myth - Onions Absorb Viruses and Bacteria From a Room
  4. False Claim - Onions are Magnets for Bacteria
  5. The Fly in the Urinal - Schiphol Airport Toilet Aim Improvement Technique
  6. Blackberry Award Advance Fee Scam
  7. Overblown Warning - Phone Numbers Now On Facebook
  8. UK Post Office Online Reward Program Phishing Scam
  9. Amber Alert Hoax - Mitsubishi Eclipse With Plate Number 98B351
  10. Hitman Payoff Scam Email
  11. Facebook 'See Who Viewed Your Profile' Scams - Rogue 'Stalker' Apps
  12. Analysis of a Hijacked Account Overpayment Scam - Boat and Trailer For Sale
  13. Tick Removal Advice - Liquid Soap Technique
  14. Does Rubbing Vicks VapourRub on Your Feet Relieve Coughing?
  15. Mike The Hacker Scam Emails
  16. DVLA Update Driver's Licence Phishing Scam
  17. Plea to Help Find Homes for 52 Thoroughbred Horses
  18. Prime Minister Howard - Muslims Out Of Australia
  19. Unsubstantiated Rumours Claim Michelle Obama is Pregnant
  20. AOL 'Billing Update Must be Performed' Phishing Scam
  21. Health Canada Warning - Over The Counter Drug Recall
  22. Do Not Call - Mobile Phones Going Public Hoax
  23. Facebook Grant Award Advance Fee Scam
  24. Post Express 'Incorrect Delivery Address' Malware Emails
  25. Adobe Acrobat Upgrade Phishing Scam Emails
  26. Mobile Phone Tips - Things You Never Knew Your Mobile Phone Could Do
  27. Telstra Bill Account Update Phishing Scam