Surveys from well-known brands and not so well-known ones are everywhere. I receive email surveys on a fairly regular basis that are totally legitimate. Usually, these surveys offer a nice prize if you are drawn as a winner after completing the survey. I have one such email from a large, well-known UK supermarket that has a link to such a survey in the body of the email. That email is legitimate. More on this later…
This week’s scam is yet another survey from a supermarket, except this time it is not legitimate and is a well-disguised phishing email.
How to Tell a Legitimate from an Illegitimate Supermarket Survey?
The scam email received this week looked like it was from Asda. The email offered me a link to a survey and a chance to win money by completing the survey. It also had another link to a different “you have won” option; the usual rules of too good to be true kicked in.
When checked out, the email had five phishing links, including the image itself.
The most obvious and noteworthy identifying element that this was a scam was the “from” email address. It was clearly NOT an address that was associated with Asda.
When you receive a suspicious email or even one that looks legitimate but has enticing links to click on, check the ‘from’ address.
However, sometimes fraudsters will use very similar-looking email addresses to those used by the brand. If our scammer had used, for example, firstname.lastname@example.org, I may not have noticed it was a scam as easily.
The other, less obvious signs that this enticing offer was, in fact, a scam included very poorly composed body content. A good example is the line:
“Your will be presented with several exclusive reward offers”
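The 'from' address check described above can be automated. The sketch below is an added example, not code from the original article: it sorts a From header into an exact match, a lookalike of the brand's domain, or a brand name paired with an unrelated domain. The `asda.com` allowlist entry, the swap table and the sample headers are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumption: domains the brand really sends from (verify against genuine mail).
BRAND_DOMAINS = {"asda": {"asda.com"}}
# Common character swaps used to make a domain look right at a glance.
SWAPS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))


def skeleton(domain):
    """Undo look-alike substitutions so 'a5da' compares equal to 'asda'."""
    for fake, real in SWAPS:
        domain = domain.replace(fake, real)
    return domain


def classify_from(header, brand, threshold=0.8):
    """Return 'match', 'lookalike', 'mismatch', 'unrelated' or 'unparseable'."""
    display, addr = parseaddr(header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if "@" not in addr or not domain:
        return "unparseable"
    legit = BRAND_DOMAINS[brand]
    # Exact domain or a true subdomain; the leading dot rejects 'notasda.com'.
    if any(domain == d or domain.endswith("." + d) for d in legit):
        return "match"
    skel = skeleton(domain)
    close = any(SequenceMatcher(None, skel, d).ratio() >= threshold for d in legit)
    if brand in skel or close:
        return "lookalike"  # domain imitates the brand's own domain
    if brand in display.lower():
        return "mismatch"   # display name claims the brand, domain does not
    return "unrelated"


# Constructed From headers, not taken from the email described in this article.
SAMPLES = [
    "Asda <news@email.asda.com>",
    '"Asda Rewards" <promo@mail-offers.example>',
    "Asda <survey@a5da.com>",
    "Asda <win@asda.com.survey-login.example>",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify_from(sample, 'asda'):10} {sample}")
```

A `match` only means the header names the right domain; the From header can itself be forged, so it is one signal rather than proof that the email is genuine.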
What Happens If You Click the Link to the Survey?
We ran the link through an analyser and found that it redirected to another website that was infected with malware.
If you clicked on the link, there would be a good chance your computer would become infected with this malware.
To avoid malware infection, you should always avoid clicking on email links.
But also, always keep your computer operating system up to date and all software fully patched.
Some Notes from the Legitimate Supermarket Survey Email
The legitimate email from another supermarket offering a financial inducement to complete a survey had some similar elements to our spoof email.
- It had several clickable links including the image
- It did NOT use my name in the salutation, instead using “Hello Customer” – this is bad practice and anti-phishing groups recommend that any communication to a customer should use their actual name
It can be incredibly difficult to discern a real email from a spoof email. Only by being highly vigilant and knowing what to look for can you hope to have any chance of picking the good from the bad.
Always remember, it is best practice to not click on links unless you are 100% sure of the sender.
In terms of organisations sending out links to surveys in an email, it might be better practice to look at alternative ways for customers to take these surveys. Perhaps hosting them in an obvious place on the website so people can go directly there, rather than playing link click roulette.
Why not help your colleagues stay safe and send them this little reminder? Feel free to edit, copy/paste the advice below:
Asda Survey Scam
An email which uses the Asda brand is going around. This email asks you to click on a link to take a survey. It also offers the chance to win money.
DO NOT CLICK ANY LINKS IN THIS EMAIL! This is a phishing email and may infect your computer with malware.
Don’t forget to share this with your colleagues and friends and help them stay safe.