This week I feel I must write about a literal tsunami of scam emails that splashed into my inbox. Yes, this week it is the “free samples scam.”
I received several of these emails over the last week. Each offered free samples from well-known brands such as Mac Cosmetics, PG Tips and Vanish. I mean, who doesn’t like a free sample? Many beauty companies, for example, have a sales model based on giving out free samples. There is even a modern ‘thing’ called “Sample Hoarding” where people collect free samples, usually beauty products.
When several of these free sample emails dropped into my inbox this week, it was tempting to click a link whilst mentally thinking, “yes please!”
What was in the free sample scam email?
All of the emails used well-known brands. The brand image was displayed in the email in a very bold and graphic manner. The image itself was clickable. This is a cynical way to grab a click. You see the image of the brand, you think, “oh interesting” and you automatically click without thinking.
The knee-jerk reaction to a phishing email is the most dangerous of behaviours.
It is worth noting: These scam emails are not as obvious as some phishing emails. They were not poorly composed and did not contain misspellings. The email sender address did not particularly stand out; could this just be from a marketing company on behalf of a brand? It is this confusion and uncertainty that can be the difference between a click and a delete.
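The clickable brand image and the unremarkable sender address described above can be checked mechanically. The following is an added example, not part of the original post: it lists every image-wrapped link in an HTML email whose host does not belong to the sender's domain. The sample message, the .example domains and the two-label domain comparison are constructed assumptions; a mismatch is a reason to look closer, not proof of a scam, since marketing companies also send on behalf of brands.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

class ImageLinkFinder(HTMLParser):
    """Collect the href of every <a> element that wraps an <img>."""
    def __init__(self):
        super().__init__()
        self._open_hrefs = []    # hrefs of <a> tags currently open
        self.image_links = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._open_hrefs.append(attrs.get("href") or "")
        elif tag == "img" and self._open_hrefs and self._open_hrefs[-1]:
            self.image_links.append(self._open_hrefs[-1])

    def handle_endtag(self, tag):
        if tag == "a" and self._open_hrefs:
            self._open_hrefs.pop()

def registrable(host):
    # Assumption: the last two labels approximate the registrable domain.
    # Production code should consult the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def suspicious_image_links(from_header, html_body):
    """Return clickable-image URLs whose host differs from the sender's domain."""
    address = parseaddr(from_header)[1]
    sender_domain = registrable(address.rpartition("@")[2])
    finder = ImageLinkFinder()
    finder.feed(html_body)
    flagged = []
    for url in finder.image_links:
        host = urlsplit(url).hostname   # None for mailto:, cid:, relative links
        if host and registrable(host) != sender_domain:
            flagged.append(url)
    return flagged

# Constructed sample: one off-domain image link, one text link, one on-domain image link.
SAMPLE_FROM = "Free Samples <offers@brand-promos.example>"
SAMPLE_HTML = """
<a href="http://track.samples-claim.example/c?id=1"><img src="cid:banner" alt="Free tea samples"></a>
<p>Claim now. <a href="https://www.brand-promos.example/unsubscribe">Unsubscribe</a></p>
<a href="https://news.brand-promos.example/offer"><img src="cid:logo"/></a>
"""

if __name__ == "__main__":
    for link in suspicious_image_links(SAMPLE_FROM, SAMPLE_HTML):
        print("image links off-domain:", link)
```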
What happens if you click the link or image?
Clicking any of the links in any of the emails would put your computer at risk of some form of malware infection. An analysis of the links shows that the website you are taken to on clicking the link or image puts you at a high level of malware risk.
The “Click Culture” is a cybercriminal’s dream
If you do click and are taken to the infected website behind the free sample scam, changes could be made to your computer system to ready it for malware infection. Of course, this is only possible if there are flaws in your browser or other software. However…
It might also require a click to allow the change…
If you, like the rest of us, click, click, click on virtually every website you go to, you are part of the “Click Culture”. Modern sites require a cookie accept/deny click to view the content. This means that we have become desensitised to clicking. That old knee-jerk reaction cybercriminals love so much has been normalised. Clicking has become a way of life for anyone who uses the internet.
This is why security awareness training can help to make people stop and think before they click.
Why not help your colleagues stay safe and send them this little reminder? Feel free to edit and copy/paste the advice below:
The Free Samples Scam
You may have seen a number of emails come into your Inbox offering free samples of well-known brands such as PG Tips. Take great caution with any emails of this nature. They are unlikely to be legitimate and may potentially infect your computer with malware.
DO NOT CLICK ANY LINKS IN THE EMAIL. BE CAREFUL AS THE IMAGES ARE ALSO CLICKABLE.
For more information on what to do if you receive a phishing email, check out “What to Do if You Click on a Phishing Link?”