/ Technology

Did you receive an invite to win ‘Sainsbury’s’ vouchers on WhatsApp?

WhatsApp

A new scam is doing the rounds on free messaging site WhatsApp – don’t fall for it.

As the January discounts begin to dwindle, new promotional deals are sparking my attention.

So when a colleague showed me a message she’d received from a friend on WhatsApp offering her the chance to win a £250 Sainsbury’s gift card, I was naturally interested.

scam message

For starters, it sounded like an awesome deal; secondly, it was sent from her friend in a group chat on WhatsApp; and finally, the URL in the message looked legitimate – at least on first glance.

A rise in sophisticated scams

But, as we discovered, clicking on the URL actually benefits no one – unless you’re the scammer who devised the message.

While it appears to send you to the official Sainsbury’s website, it’s actually a fake website.

Once you’ve clicked on the link, you’re then asked to fill in a survey and send the link, complete with its message, on to 10 friends in exchange for the voucher.

This is designed to trick you into distributing the scam to your friends on WhatsApp.

It’s pretty clever and it’s exactly the type of super scam that contributed to the cost of fraud to the UK rising to more than £1 billion last year.

While we think more needs to be done to safeguard us all from scams and cyber-crime, there are steps you can take to avoid falling victim.


What to look out for

So how can you recognise a scam message when you see one and stop the scammers in their tracks?

Well, when it comes to this particular scam, there are several tell-tale signs.

Initially, the URL looks authentic over two lines in the body of the message. But, of course it isn’t.

The majority of companies trademark their name and their website domain name will usually match it.

With fraudulent websites, they will often use the recognisable company name as part of the web address, but it will be accompanied by words such as ‘deals’ or ‘promos’.

Also, if it was a genuine site, there wouldn’t be a “-”, it would be a “/” in the URL, and it certainly wouldn’t contain both .co.uk and .com.

If ever in doubt, it’s always worth opening a new tab on your browser and checking the URL structure of the actual site before clicking on any links.

You should also think about who purportedly sent you the WhatsApp message – would they really send it with two love hearts?

What to do if you clicked on the site

If you click through and are on the site, take some time to double-check the homepage and the ‘about us’ sections.

Be sure to watch out for poor spelling and grammar mistakes, or phrases that don’t sound quite right..

If you receive a scam message similar to this, make sure you report it to the brand or retailer it appears to be from, too.

Sainsbury’s are advising recipients of the message to delete it, and not to click on the link or provide any details.

If you’ve already shared your information, it advises you contact your card provider or bank for advice.

Did you get the same WhatsApp message? What did you do about it? Have you noticed an increase in the number of cyber crimes lately?

Comments
Member

One significant move would be for domain name resellers to be brought into line by being stopped from selling already registered business domains to non-domain holders. InterNIC could put a stop to that practice and does – in certain cases. As long as scammers can buy reasonable-sounding domain names this will only get worse.

Member

This is very hard to make feasible. To give the above scam as an example, the scammer simply registered the domain name uk-vouchers.com. Nothing wrong with an address like that. Once you’ve registered your own domain name, you can put anything you like in front of it because it’s your own domain. The scammer simply chose to put sainsburys.co in front.

Member

Or uk-promos.com in the first example.

But absolutely right. Read the website name from right to left, and only up to the second or third dot. If this part, called the domain name, doesn’t match the standard domain name for the company (e.g. sainsburys.co.uk), treat it with suspicion.

The part to the left of the domain name (called the subdomain) can be anything you like.

At best, you are dealing with a marketing agency rather than the company itself and will get bombarded with further promos until you opt out, but it could be far, far worse.

Always make this check before connecting to banks and other financial institutions and never click the link in an email or website, but retype it yourself. A common trick is to use a slight typo to fake up a domain name that looks safe, and be especially wary of anything in capitals e.g. NATI0NWIDE.CO.UK – did you spot the zero?

Member
bishbut says:
27 January 2017

You must be as smart and clever as the scammers as the will always try a new scam using a different company or organisation NEVER TRUST ANY EMAIL OR PHONE TEXT MESSAGE AS GENUINE UNTIL YOU HAVE GIVEN IT MUCH THOUGHT if in any doubt DELETE TAKE NO RISKS AT ALL ITS YOUR MONEY THEY WANT CHECK USING ANY OTHER SAFE METHOD a safe method can be always be found TRUST NO ONE BE SAFE NOT SORRY

Member
jskinner says:
28 January 2017

One of these is also doing the rounds from Marks and Spencers too – I was aghast to receive a message like this from my mum, who’s usually smarter than that.

Member

Yes – this is sinister stuff. It plays on the psychology that people want it to be from M&S because they have good feelings towards the company, the brand and its shops so they are not expecting any tricks or traps. This is why I think such companies have a strong duty to always present their own communications very carefully without any silly gimmicks that are easy to spoof.

I don’t suppose there’s a personal computer in the UK that hasn’t browsed the M&S website at some time so it’s familiar and doesn’t arouse any suspicion.

Member
E. Blunden says:
28 January 2017

I received one of these Sainsbury messages offering me a £250 voucher in my spam folder on a couple of occasions. I did not click on the links as I do not trust these too good to be true offers.

Member
R Gradeless says:
28 January 2017

The petition we are invited to sign in relation to the Sainsbury scam reads

“Fraud is now at record levels, with more than five million scams costing Brits a mind-boggling £9bn each year. And while there are steps we can all take to avoid being scammed, much more needs to be done by banks to protect us. Sign the petition to force the regulator to make banks more liable for fraudulent bank transfer payments.”

This scam has nothing to do with the banks. How can they do anything about scams like this? I believe the petition is badly thought out.

If banks are required to act on scams and frauds they will remove banking services from those groups and individuals who they believe are more susceptible to these activities. This could mean loss of online access or delays in sending payments so that the victim or a responsible person has a chance to review a transfer before it is made. The road to hell is paved with good intentions.

Member

I agree with you. Which? Conversation has a strange habit of putting unrelated polls and petition panels adjacent to or in the middle of the introductory articles. The petition shown on this page is a portmanteau petition against all scams but you are quite right that it is entirely irrelevant to the subject of this particular topic. I am also amused by the notion that signing the petition will force the regulator to do something; when did that ever happen? At best it might incline the regulator in the desired direction.

Member

The polls are not static but random. Above poll this time says “Are household appliances less reliable than they used to be?”

Member

No wonder people get confused! I must admit I don’t pay much attention to the polls and petitions and I rarely revisit an Intro after I have read it.

Member

Hi R Gradeless, thanks for the feedback and we take your point. The campaign is broadly to call on the government and regulators to do more to safeguard us all from scams. However, our most recent focus in the campaign has been looking at bank transfer scams, as part of this we made a super-complaint to the Payments Systems Regulator to review bank transfer scams. To clarify the campaign we’ve made a small edit to the campaign site. Thanks for flagging.

Member
Delilah says:
29 January 2017

I had a similar one sent to me by a friend from Marks and Spencer over X’mas which I suspected was a scam.
I get repeated advice to click to a link to fill in to complete my Tax. return. I tend to delete them. However, one is never sure whether these are genuine as many communication are done via Text.

Member
Priscilla says:
29 January 2017

Everyone should report these scams and maybe something will be done about them else they keep coming!