A stark warning has been issued over a new email phishing scam where fraudsters can steal people's card details and empty their bank accounts.
Experts at secure card payments provider Dojo say emails, claiming to be from Argos, are offering a free Ninja Air Fryer if users participate in an online survey and then enter their card payment details to receive the free item. The scam sends people to a seemingly ‘official’ Argos page to complete the survey, but there are numerous red flags that consumers should be aware of.
Firstly, the website address and email aren’t coming from Argos or Sainsbury’s official domain, and the currency is in dollars. There is also a timer that warns the offer will disappear, to add time pressure on victims to encourage them to fill out the survey and input personal details.
Read More: Warning as cruel scammers use fake appeals to profit from Turkey-Syria earthquakes
Having acquired stolen card details, scammers can use them to make lavish online purchases and empty bank accounts, causing a huge loss to victims. A similar scam, involving Currys Smeg Kettle, was also recently doing the rounds.
Naveed Islam, chief information security officer at Dojo, has provided advice to people who have received similar texts or emails. He said: "A key warning sign for a scam is to entice consumers with free items that are just too good to be true. Quite often, these offers will be time-limited to cause extra pressure on victims to enter their bank details without necessarily double-checking the legitimacy of the offer, and this is what we can see in the Argos scam.
"With the recent Currys scam and now the scam moving onto other retailers including Argos, consumers should be extremely vigilant with any offers that they see in their inbox or on social media. If you have fallen victim to a scam, contact your bank immediately to suspend your card and account. Your bank or building society will then be able to provide specialist support from their scam unit.
"Ultimately, if you have any doubt about the authenticity of a text message or email, it’s probably a scam. Take a minute to think about the message; were you expecting it, have you checked for spelling mistakes and double-checked the sender's address?
"If the email address from the sender doesn’t look like it’s from a genuine address, don’t click on it. If you think it is a scam, you can forward the email as an attachment to Action Fraud who will investigate, or alternatively forward it to report@phishing.gov.uk."
An Argos spokesperson said: "We are aware of this phishing scam and are working hard to take these sites down. These emails are not from Argos, we advise customers to delete and report them to us. We work hard to protect our customers and encourage them to be mindful of this type of scam, which often use household brand names."
Customers can report scams by using the email address scams@sainsburys.co.uk. More information can be found on the Argos website here: Help & FAQs - How do I report a scam.
How to spot a phishing email
According to Dojo, you should always consider the following matters before inputting your card details into any website, clicking on an email or following a text message link.
Check the sender’s email address
Often scammers will use a suspicious email address that includes words that don’t relate to the company they impersonate or lots of numbers.
Check for poor spelling and grammar, or mistakes in the company’s name
Although some fraudulent emails are highly sophisticated, many of them can be poorly worded and there are some tell-tale signs they’re not legitimate.
Check the formatting of the email
A lot of companies send legitimate emails from a templated third-party system. Your favourite brands will often spend a lot of money making their emails branded and it can be difficult for scammers to replicate these email templates.
So if you see plain-text emails with no branding – or brand logos replicated in low resolution, look back at your inbox to see if this matches the company’s typical communication designs.
Don’t rush to action their demands
Often scammers thrive from creating a sense of urgency and panic in the recipient. They will use scare tactics or threatening language to make you rush into doing something.
Whether it's clicking a suspicious link or providing your personal data, you should take some time to review the email and research its legitimacy before taking any action. If you’ve already clicked the link, check the URL straight away and do not log in anywhere as scammers can capture your details to take over your account.
Never send sensitive data via emails or online links from emails or SMS
If you suspect you’ve been sent a phishing email, do not click on it and try not to open it at all - especially if you’re using your work email. Scammers often leave malicious links within the email that once clicked allow them to enter your computer’s system.
If you accidentally click on one of these emails you should change your passwords immediately and check your bank accounts regularly to make sure no money has disappeared. If this happens you should alert your bank immediately and they will guide you on further action.
If you’re concerned about your work email account or laptop, you should contact your information security team straight away and flag your concerns. It’s always better to be cautious and vigilant when dealing with online security.
Contact the company implicated
Whether you’re unsure, or you’re totally convinced that you’ve received a scam email pretending to be a company, reach out to that company to inform them and see further information. They will be able to let you know within an instant if the communication you received was legitimate.
And often large brands will have dedicated teams investigating frauds affecting their customer base and damaging their brand reputation, so they will undoubtedly appreciate any information you can provide that can stop these fraudulent activities going forward.
Read Next:
- Social media scams to look out for in 2023 and how to avoid them
- Seven signs to look out for that show a website may be a scam
- Tech experts issue warning over worrying rise in Instagram account cloning and social media scams
- GCHQ's advice on avoiding online shopping scams
Heartless scammers used romance fraud to fleece two women out of £200,000