/ Scams

Phishing warning: fake Sainsbury’s marketing survey email

Sainsbury’s has confirmed that an email promising £90 for taking part in a ‘marketing survey’ has nothing to do with it. Here’s what the email looks like.

We’re all used to seeing slick marketing from brands. Many feature recognisable logos and familiar brand colours to promote their offers across emails, social media, TV adverts… the list goes on.

But Sainsbury’s has confirmed that this ‘marketing survey’ email and the site it takes you through to have nothing to do with the supermarket. The survey and its offers of free ‘rewards’ are fake, and eventually encourage you to part with sensitive personal information.

Here’s what the email looks like:

Why the hassle of a fake survey?

Phishing attempts like this are becoming more sophisticated: fraudsters impersonating these companies know that posing as a well-known brand may not be enough to get someone to part with sensitive information, so are using more thorough tactics to gain your trust.

Completing the fake survey will take you through to another page dressed in Sainsbury’s branding that encourages you to ‘claim’ a reward. An ‘offer expires’ countdown is another sign that the site is attempting to rush you into making a decision.

Continuing to follow these links eventually takes you to a page encouraging you to enter sensitive information, such as your name, address and email, all of which could then be used by the people behind these fake emails.

A Sainsbury’s spokesperson said:

“Customers should always be mindful of phishing scams. This message is not from Sainsbury’s and we are advising customers to delete it”

Have you spotted fake ‘marketing’ emails?

In April, a similar ‘loyalty program’ email promising prizes and purporting to have been sent from Dyson was confirmed to be a fake. Have you noticed an increase in these types of tactics?

As always, if you think you’ve passed sensitive information, such as bank details, to scammers, let your bank know what’s happened straight away.

Guide: how to spot a scam

Guide: how to get your money back after a scam

Phishing emails can also be reported to the National Cyber Security Centre on report@phishing.gov.uk

Comments

I do not seem to have many fake emails (although having said that I had one two days ago purporting to come from my daughter-in-law but, luckily, my Defender chimed in and alerted me to a scam so I quickly deleted it) but last evening around 6 pm I had a phone call, asking for me by name and when questioned as to the sender, was told it was a financial matter and could only be dealt with by me (I had not acknowledged my name) so I promptly said ,”oh really” and put the phone down. As your other recipients say, we are being contacted constantly one way or another and my telephone number is unregistered !! so how does this happen ?

robert cook says:
4 July 2021

I’ve recently won an iphone, a macbook, a samsung phone … the list goes on. These bizarre prizes were announced in various ways but all ended up in my spam folder. Worryingly, or at least this is how it seems to me, this all started when i was buying/scrolling through ebay; there was some kind of guessing game with perhaps a dozen squares and one had to guess which one hid the iphone. My 3 guesses turned up nix, but just as i was moving on i was offered a bonus guess, and hey presto the iphone was mine! I thought this is rot and moved on. But then the announcements started coming, and usually i had just a few more hours to claim the prize, one was then taken to a page to claim the prize, and one had to pay, wait for it, 99 pence towards their postal costs. I just thought there’s no such thing as a free lunch and forgot about it and am never happy about giving bank details at the best of times and this was the worst. As I say I didn’t stop winning thereafter but i deleted most of it from the spam folder and ignored the rest. The spooky bit was the fraud appeared to start on an ebay page, or perhaps it was a fake page tacked on to ebay. I can’t be alone in this?

Do Not Bother Me says:
4 July 2021

I have a special email, phone number, userid/password and postcode which I use whenever I am suspicious why “they” need this information. I even use them when trying to get information from supposedly legitimate sources. If I choose to I can then correct the information held by legitimate businesses. Needless to say, the follow up gets lost in the dark.

I’ve used a false birth date for years, initially to receive special offers from restaurants etc. But now its a useful security tool.

I have just received an e mail ,supposedly from vehicle licencing ,saying that I have not paid my road tax ,and that I have 5 days to pay up or it will be passed to debt collectors .
“Click this link to pay”
There is no mention of my vehicle registration number ,but the euro mail does show fairly convincing gov.org headers.
It’s a good job I know when my road tax is due ,and know where the conformation e mail is

Martin

Martin – “Gov.org” is a far from convincing domain name. It immediately indicates a scam and is designed to fool people. The “.org” suffix is used for charitable, voluntary and other non-governmental organisations.

The authentic UK Government website address always ends in “GOV.UK”. The GOV.UK website links to all central government services and is a universal portal within which all functions can be found under various classifications.

Most local authorities also have a “gov.uk” website address [e.g. in my case “norfolk.gov.uk” and “norwich.gov.uk”].

It is a pity that the control and policing of domain names is so lax.

The official term now seems to be ‘vehicle tax’ rather than VED, car tax, road tax…

Good point, Wavechange . . . let’s see how long it takes the scammers to make the correction; with any luck they don’t open Which? Conversation.

I confess to having had to check.

I would have thought someone would have the common sense not to label this as a “tax”. Although Road Fund Licence was a misnomer, from a marketing viewpoint it took away the stigma of being yet another unwilling contribution to the government’s money pit.

At a cost of only £30 a year I am not too concerned, though my car covered only 2000 miles in a year, thanks to the amount I stayed at home.

It’s worth checking for the correct use of licence rather than license and licensing rather than licencing if you receive a suspect communication.

christine rhodes says:
16 July 2021

I recently received a text supposedly from the DPD delivery service telling me I must click on a link to pay £1.45 redelivery charge for a package they tried to deliver while I was out. I was expecting a package to be delivered, so foolishly I did so, entering in my Visa debit card details.

I then received a follow up call from a scammer pretending to be from the fraud department of Lloyds Bank telling me the text from DPD was a phishing scam and asking for my internet login account details in order to secure my account.

At this point I questioned if this was a genuine call, only to be told to check the number the scammer was calling from which was almost identical to that of the genuine Lloyds Bank number. He said the 1 number that was different was because it was his direct extension number.

The scammer seemed so nice, even agreeing with me what dreadful people scammers are! Before I could give any details the call cut off, probably due to my poor wifi signal. I then called Lloyds Bank direct using the number on the back of my debit card and was told that the call was definitely not from them.

They checked my account and no fraudulent debit had yet been made, so they cancelled my card as I had given the details in response to the fake DPD delivery text and within a couple of days a new card was issued.

I had a very lucky escape due to being too trusting. I am telling this story as other people may not be so lucky!

Glenis Brindley says:
22 July 2021

I’ve had so many scam emails, and over the last month they’re really escalated. I’ve had them from PayPal saying my account has been put on hold as there’s a problem with payments, and Amazon Prime saying my account has been suspended as I’m late paying. As Christine Rhodes says above I’ve had emails from DPD about re delivery of parcels (these have also come through via text) etc, and the latest ones are from Hermes about me being out when they’ve tried to deliver. This is the one I found the most troubling, as I shop with a catalogue and that’s the carrier used. The fact is made easier for me as I’m not going out at the moment so I know nobody has tried to deliver, but I feel bombarded by these things at the moment. At one time there were certain clues to look for, like not being addressed by name or the grammar not being good, but now even if you check the email address it’s come from, you can’t rely on the fact it won’t look genuine. It’s got so bad now, surely something could be done to help people decide when something’s real or a scam.