Scam Free SummerTesco vouchers email

[Mo2013]

Hi everyone. I have received an official looking email from Tesco regarding £1000 worth of unclaimed vouchers because I have not confirmed correctly the records that they hold about me. I do shop at Tesco but was immediately suspicious and I telephoned Tesco who confirmed that this is a phishing email.

[oldbluefox]

Thanks for flagging this up Mo. As with all suspicious emails very often a good clue lies in the sender's email address. I am always wary about anything which asks for my details and always check. Banks will never ask for security details online.

[Mo2013]

OBF, I have to say that it really looked official, with a name and title at the bottom of the letter. It gave two links - one if you banked with Tesco, and the other, if you used a credit card. Then it asked you to click both links anyway! I went no further and clicked neither. Fortunately for me I rarely receive emails from Tesco, even though I bought a case of champagne a few Christmases back, and I always pay with my debit card. My husband uses a credit card but he has not received the email. A lot of warning bells, but someone else may well fall for this clever phish.

[oldbluefox]

but someone else may well fall for this clever phish.

That is the worry and a good reason why it's worth warning people, not just about this one but any others which may drop into your inbox. Not everybody knows how to spot them.

[Mo2013]

Yes, indeed OBF. Tesco gave me an email address where I should forward to scam email for their attention. It is phishing@tescobank.com

[Silver_Shiney]

Before you forward any phishing email, you should copy-and-paste the Extended Headers into the top of the message, so that the investigators can trace where it came from.

I could tell you how to do this in Outlook 2003 but how you obtain that information through other email clients, I wouldn't know.

[Mo2013]

Alan, I have received another phishing email purporting to be from HM Revenue and Customs and they advised me to simply forward the email in its entirety to them, using the forward button. Tesco also advised the same and I have not had to do anything special other than forward the whole thing to the address they provided.

[Manoverboard]

As you have opened one of them, or seem to have done, you will doubtless get more ... perhaps you should change your e-mail address and password.

I had this trouble using both Tiscali and Virgin but not with my present provider.

[Mo2013]

Thank you.

[Silver_Shiney]

Alan, I have received another phishing email purporting to be from HM Revenue and Customs and they advised me to simply forward the email in its entirety to them, using the forward button. Tesco also advised the same and I have not had to do anything special other than forward the whole thing to the address they provided.

I don't doubt it, Mo, just passing on the information I'd been given from others....

[Mo2013]

Thank you Alan - it is appreciated.

[sunsetsail2night]

Mo - I received the same scam about two weeks ago. I too rang Tesco and they confirmed it was scam. Asked if they could stop the scammers sending it out because I'm sure some would believe it. They said they didn't even know which country it was coming from. The scam incorporated the real Tesco website including the correct 'phone number - which is the one I rang!

Brenda

[Silver_Shiney]

Mo, with respect, I do think you've been badly advised.



http://www.consumerfraudreporting.org/p ... paypal.php

Without the extended header, the (bank's) investigation team have no information to work on.

The extended header on emails from this website, for example, look like:

Delivered-To: recipient's email address
Received: by 10.60.140.232 with SMTP id rj8csp91713oeb;
Tue, 20 Aug 2013 13:38:49 -0700 (PDT)
X-Received: by 10.180.38.77 with SMTP id e13mr13913964wik.61.1377031128606;
Tue, 20 Aug 2013 13:38:48 -0700 (PDT)
Return-Path: <sender's email address>
Received: from david-host-me-uk .nh-serv.co .uk (david-host-me-uk .nh-serv. co.uk. [185.17.180.35])
by mx.google.com with ESMTPS id cq8si1864162wjc.61.1969.12.31.16.00.00
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Tue, 20 Aug 2013 13:38:48 -0700 (PDT)
Received-SPF: neutral (google. com: 185.17.180.35 is neither permitted nor denied by best guess record for domain of sender's email address) client-ip=185.17.180.35;
Authentication-Results: mx.google. com;
spf=neutral (google. com: 185.17.180.35 is neither permitted nor denied by best guess record for domain of <sender's email address>) smtp.mail=sender's email address
X-No-Auth: unauthenticated sender
Received: from david-host-me-uk. nh-serv. co. uk (david-host-me-uk .nh-serv. co.uk [127.0.0.1])
by david-host-me-uk. nh-serv.c o.uk (Postfix) with ESMTP id BF6AC250D4F
for <recipient's email address>; Tue, 20 Aug 2013 21:38:47 +0100 (BST)
Subject: =?UTF-8?B?VG9waWMgcmVwbHkgbm90aWZpY2F0aW9uIC0gIlNjYW0gRnJlZSBTdW1tZXJU?=
=?UTF-8?B?ZXNjbyB2b3VjaGVycyBlbWFpbCI=?=
To: =?UTF-8?B?U2lsdmVyX1NoaW5leQ==?= <recipient's email address>
From: <sender's email address>
Reply-To: <sender's email address>
Sender: <sender's email address>
MIME-Version: 1.0
Message-ID: <9e351a262b1929370fc6bd4b345701d8@cruise-community.me.uk>
Date: Tue, 20 Aug 2013 21:38:47 +0100
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: phpBB3
X-MimeOLE: phpBB3
X-phpBB-Origin: phpbb://www. cruise-community. me. uk

(I've had to fiddle with the embedded URLs to get this to post!)

[Mo2013]

Hi Alan, thank you. However I do not think I have been badly advised. I have always believed that the organisation from whom the email is purported to be from and to whom I have forwarded the scam email will go into the headers etc. to try and determine its origin. Certainly, HM Revenue and Customs and Tesco simply advised me to forward them the email, without clicking on anything. In my last job I worked at a University and during my lunch break, I went into my personal email account and discovered I had received an odd email from someone who had considerable knowledge of the old P&O forum. I contacted our IT department which, as you can imagine, was very capable, and they asked me to forward the odd mail to them. They came back to me to say that they had been unable to discover its source. People who send such emails are very clever and I am sure will have taken any number of steps to prevent anyone discovering their identity.

[Silver_Shiney]

Hi Alan, thank you. However I do not think I have been badly advised. I have always believed that the organisation from whom the email is purported to be from and to whom I have forwarded the scam email will go into the headers etc. to try and determine its origin. Certainly, HM Revenue and Customs and Tesco simply advised me to forward them the email, without clicking on anything. In my last job I worked at a University and during my lunch break, I went into my personal email account and discovered I had received an odd email from someone who had considerable knowledge of the old P&O forum. I contacted our IT department which, as you can imagine, was very capable, and they asked me to forward the odd mail to them. They came back to me to say that they had been unable to discover its source. People who send such emails are very clever and I am sure will have taken any number of steps to prevent anyone discovering their identity.

They were unable to discover the source because, by merely forwarding the offending email, the transmission lost the original extended headers. If the body of the email contained a hyperlink to another website, that may possibly help them to trace the criminal, but if the body is text only, the investigators will have nothing to go on.

Tesco say, on their website, "Click on the "Forward" button to attach it to a new email and send it to phishing@tescobank.com." I don't know how to attach the message file to a new email, as that's the only way you'd include the extended headers - when I click "forward" in my email client (Outlook), the original email becomes part of the body with the supposed email address of the sender added - that address can be easily faked.

Again, HMRC merely say (as you report) "If you have received a HMRC related phishing/bogus email, please forward it to phishing@hmrc.gsi.gov.uk and then delete it." Unless there is a link to a phishing website, there is nothing they can do.

[Mo2013]

Alan, in that case then, there seems no point in forwarding the emails. I do not know enough about computers and am loath to do anything other than forward or delete. Thank you for the time and trouble you have taken in responding.

PS: On another now defunct forum, I idly clicked on to someone's avatar and saw their real name etc. I was shocked as to how that happened - it was someone who is a member here ! But it proved to me that people - for whatever reason - use different IDs.

[david63]

Alan - In Outlook when you create a message there is the menu tab "Insert" one of the options on there is "Outlook item" and this will allow you to add any mail message as an attachment.

Where phishing is concerned I prefer another approach as sending emails to whomsoever they purport to come from can be slow to get a result, if they get one at all.

I have a browser add in called "Netcraft" and this gives you the option to either report a phishing site or forward an email. The advantage is that they will then block the phishing site so that the innocent will not access it. Eventually they will bring a lot of these sites down - although by then they will have probably moved on and they will also circulate the sites information to the major Internet protection software companies. The down side of all of this is that users have to take some responsibility to protect themselves otherwise it all becomes pointless.

Just some statistics from Netcraft - as of 1st August 2013 they have blocked over six million phishing sites. I have personally reported nearly 700 and have already reported 23 this month

[Dancing Queen]

Alan, in that case then, there seems no point in forwarding the emails. I do not know enough about computers and am loath to do anything other than forward or delete. Thank you for the time and trouble you have taken in responding.

PS: On another now defunct forum, I idly clicked on to someone's avatar and saw their real name etc. I was shocked as to how that happened - it was someone who is a member here ! But it proved to me that people - for whatever reason - use different IDs.

Someone using a different screen name is not using a different id they are choosing to use "another handle" for which there could be many reasons for doing so, the most obvious being because someone was already using their chosen name, also many forums advise you not to use the same name/passwords if you belong to several.

[Mo2013]

Not altogether sure I agree DQ because in this instance no-one else was using that person's 'handle' and in my experience for whatever reason people have chosen a different name purely because they have not wanted anyone to know it was them on another forum. Regarding my discovery, I was surprised to say the least that on clicking the avatar, the path/route followed included the person's name. I did not, and still do not, understand how it could have happened because, as I mentioned earlier, I am not computer savvy at all. I am therefore wary of how easy, or not, it is to discover a pathway back to anyone who has uploaded an avatar.

[david63]

Mo - if in doubt about a link (such as the avatar that you mention) then if you hover over it with your mouse then the link/path will be displayed in the status bar at the bottom of your browser.

[Silver_Shiney]

Alan, in that case then, there seems no point in forwarding the emails. I do not know enough about computers and am loath to do anything other than forward or delete. Thank you for the time and trouble you have taken in responding.

PS: On another now defunct forum, I idly clicked on to someone's avatar and saw their real name etc. I was shocked as to how that happened - it was someone who is a member here ! But it proved to me that people - for whatever reason - use different IDs.

That's fair enough, Mo, the important thing is to never open the emails or, if you do accidentally (my mouse can be a bit oversensitive at times) NEVER open any attachment or follow any link. If possible, before deleting, flag it as junk or "block sender" so that, hopefully, you'll never hear from that particular criminal again.

[Silver_Shiney]

Alan - In Outlook when you create a message there is the menu tab "Insert" one of the options on there is "Outlook item" and this will allow you to add any mail message as an attachment.

Where phishing is concerned I prefer another approach as sending emails to whomsoever they purport to come from can be slow to get a result, if they get one at all.

I have a browser add in called "Netcraft" and this gives you the option to either report a phishing site or forward an email. The advantage is that they will then block the phishing site so that the innocent will not access it. Eventually they will bring a lot of these sites down - although by then they will have probably moved on and they will also circulate the sites information to the major Internet protection software companies. The down side of all of this is that users have to take some responsibility to protect themselves otherwise it all becomes pointless.

Just some statistics from Netcraft - as of 1st August 2013 they have blocked over six million phishing sites. I have personally reported nearly 700 and have already reported 23 this month

Thank you for that, David, very helpful!

This is one real bonus of belonging to a forum such as this - you learn things!

[Mo2013]

Agreed! Thank you.

[oldbluefox]

'This is one real bonus of belonging to a forum such as this - you learn things!'

...................... and, if I may say so, of moderators/admin posting on the forum.

[Jean W]

OBF -