Issue 144 - December 2012 (1st Edition) - Page 10
Tesco Christmas Voucher Phishing Scam
Outline
Email claims that Tesco Bank is giving out free Tesco Christmas shopping vouchers to recipients who click a link to validate their account details.
Brief Analysis
The email is not from Tesco. The "validate link" in the message opens a bogus website that asks users to supply their Tesco account login details along with their email account information. This information can be collected by scammers and used for bank fraud and identity theft. If you receive this email, do not click on any links or open any attachments that it contains.
Last updated: November 22, 2012
First published: November 22, 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer
Example
Subject: Free Tesco Christmas Voucher Shop For Free
Dear Customer
Tesco Bank is giving you a chance to shop for free
at any of our tesco outlets or online by giving out
free tesco vouchers.
This offer is only for Tesco Credit Card owners and it
will be on until the 1st of January,2013.
To Qualify,follow the link below and input all the details required
Click here to validate
After validation,if selected your voucher will be sent via text message
or posted to your Mailbox.
Tesco Personal Finance Online Service
Detailed Analysis
This email, which purports to be from Tesco Bank, claims that recipients can qualify for a free Tesco Christmas shopping voucher by clicking a "validate" link and supplying their account details. According to the message, the voucher will be sent to them via email or text message after they have completed the validation process.
However, the email is not from Tesco and the promised vouchers are just the bait used to
hook unwary recipients. Those who follow the link will be taken to a bogus website and asked to enter their username to login:
After entering their username and clicking the "Login" button, they will be taken to a second fake page that ask for bank access details as well as their phone number, email address and email password.
After supplying the requested information, and clicking "Next", victims will be automatically redirected to the genuine Tesco website.
Meanwhile, the criminals running this
phishing campaign can collect all of the information submitted on the fake website and use it to hijack real Tesco online accounts. They can also use the stolen information to hijack email accounts and use them for
further spam and scam campaigns. Of course, victims will never receive the promised shopping vouchers, which never existed in the first place. If you receive this email, do not click on any links or open any attachments that it contains.
It is always safest to login to all of your online accounts by entering the account web address into your browser's address bar rather than by clicking a link in an email.
References
Phishing Scams - Anti-Phishing Information
Friend Stranded in Foreign Country Scam Emails
Pages in this issue:
- Jetstar 'Flight Itinerary' Malware Email
- WhatsApp 'Logo Will Turn Red' Hoax
- Christmas Cards for Recovering American Soldiers
- Virgin Money 'Re-Confirm SiteKey' Phishing Scam
- How to Survive a Heart Attack When Alone Hoax
- Facebook Deleting Inactive Users Hoax
- Completely Pointless and Misleading 'Facebook Privacy Notice'
- Absurd Warning - 'LOL' stands for 'Lucifer Our Lord'
- Bogus Prize Offers on Facebook - 'Like and Share To Win'
- Tesco Christmas Voucher Phishing Scam
- DEW Bottled Water Fatal Poisoning Hoax
- ANZ 'Reward for Loyal Customers' Phishing Scam
- Chase Paymentech 'Merchant Billing Statement' Malware Email
- Undertaker - John Cena 'Bloodiest Fight Ever' Survey Scam
- Padlock on Facebook Home Page Hacker Warning Hoax
- Woolworths 'Customer Satisfaction Survey' Phishing Scam
- Target 'Free Gift Voucher' Survey Scam
- Another Pointless Facebook Warning - Hackers Posting Insulting Messages In Your Name
- Fake Tsunami Warning 'News' Report Points to Malware
- Reserve Bank Of India Phishing Scam
- Better Business Bureau 'Complaint Received' Malware Emails
