554 words, approx. 2.5 minutes to read.
Scammers regularly find ways to pretend to be a reputable business, in an attempt to access your personal data. These types of scams is called ‘phishing’.
We have seen a number of these scams and want you to be aware of them.
Co-op £200 gift card pop up
There is an internet scam appearing to offer a Co-op gift card worth £200 if you click on a link and enter your personal details. The “offer” appears in a pop-up window in your browser and asks you to answer three shopping-related questions, then fill in your personal details. Here it is:
This is a clever and professional-looking pop-up, but it is not a genuine offer. If something looks too good to be true, it probably is, so when you see similar pop-up windows make sure you:
- Examine the message closely for obvious signs of fraud such as poor spelling and grammar
- Check the website address – if it looks odd, or different to the genuine retailer, close the pop-up immediately and check with the retailer
- Ensure your antivirus is up to date and scan your computer for possible malware infections.
Co-op £100 gift voucher email
This email is quite authentic looking, but the main giveaway is the sender’s name and domain address.
The sender’s name and domain can be masked, so you can’t trust that alone. However, if you’re unsure, hover over or right click on the send name and look at the send properties, to see the email address it’s actually from.
Some email services e.g. Google Mail behave differently and depending on your settings you may be able to just hover over the email itself to see the real address.
Action Fraud offer this additional advice on spotting scam emails;
- You weren’t expecting to get an email or attachment from the company that appears to have sent it
- The sender’s email address doesn’t look the same as the real organisation’s website address
- The email is sent from a completely different address or a free webmail address like Gmail or Hotmail
- The email does not use your actual name, but uses a non-specific greeting like ‘dear customer’ (real companies are more likely to personalise the email)
- A sense of urgency; for example the threat that unless you act immediately your account may be closed
- The email may include a website link, which can be forged or seem very similar to the proper address, but even a single different character means a different website
- A request for personal information such as username, password or bank details
- The email may contain spelling and grammar errors, or strange language
- The entire text of the email is contained within an image rather than the usual text format
- The image contains an embedded hyperlink to a bogus site
What to do if you’re sent a scam email:
- Don’t open any attachments or links in the email
- Don’t reply to the email, contact the sender or fill in any information
- Delete the email and then delete it from your trash too
- Report any suspicious emails to Action Fraud
- If you’re a Co-op colleague and you get suspicious emails to your work email address, forward them on, with the word ‘phishing’ in the subject line, to our Information Security team on firstname.lastname@example.org, before deleting them
Information Security Education and Awareness Manager