We’re not even through the first month, and another scam is back and looking for more victims. How do we know it’s a scam, and how can you use this on other scam emails?
With three major supermarket chains in Australia, there’s a good chance you shop at Woolworths, and that’s exactly what scammers are playing on.
A recent bout of scams is popping up in email inboxes, so much so that we’ve seen no fewer than two this week, and while there are some pretty obvious telltale signs if you know where to look, the scams might be convincing if you click without thinking. That’s one of the hopes for scammers, whose emails are often able to bypass spam filters, and might end up having you click without giving it a second thought.
This week, one of 2021’s scams appears to have kicked off, and it’s nothing new, just something that arrives frequently, with a scam modelled on the rewards and prizes some of us expect to receive. It’s not quite the JB HiFi SMS scams we’ve seen lately which offer a prize, but it’s not far off.
If you’ve seen an alert in your inbox of a “Confirmation” with the topic “We have a surprise for Woolworths Shoppers”, that’s the scam email, though we suspect there are a few variations on it floating around the web in different ways. Like many other scams, the message is about you being given a reward, which is a scam message that might work on Woolworths shoppers given its rewards program Everyday Rewards. But this is just a scam, and if you don’t want to get caught, you need to look for the telltale signs of a scam email.
How to tell if an email is a scam
Scammers are persistent little things, but they won’t always wise up to some of the mistakes they make. Part of the reason they don’t necessarily need to is people still click, and scammers still make money, so if it still works, why would they change?
Fortunately, this gives you an opening to work out the tricks, and determine that their email is more scam than email.
And that starts with the email address. If you can’t see the entire email, you can always click on an email address or drop down the field to see more, and this is one of the obvious ways to work out whether an email is real.
You see, scammers can’t use the real website address from the company they’re trying to fake, so they’ll either go with something outlandish hoping you don’t look, or register a website with a very close name, such as wooolwoorths.com.au, so it survives a simple glance. Turns out we’re all quite good at correcting spelling in our heads, giving the scammers an opening.
Email scams we’ve seen don’t always do the latter, pushing for the outlandish email address instead, which means this one’s fake Woolworths email at Gmail is a big indicator, as is their send address, which also seems less than legit.
Next is the language, which again lacks the clarity a local Woolworths rewards email might have.
“We have a surprise for WoolWorth Shoppers” read the first email we received this week. The follow-up keeps that poor writing and tries to correct above it with “We have a surprise for Woolworths Shoppers”. We guess they worked out their problem after reading their own email.
We’re not sure why you would believe such a poorly worded email from someone purporting to be Woolies, but it’s clear this image — because that’s what it is, it’s not text even if it looks like it — was created first with the poor wording of “WoolWorth”, and then the scammers realised they needed to fix it so included an extra spot of text above it.
There’s also an image inside the scam which makes it feel a little legitimate, but it’s worth noting: that’s not the Woolworths style, even if the scammers think it is.
The whole message includes a link under it as well, and it’s the same link regardless of what you click. If you wanted to click on the “OK” button (don’t) or either of the fake unsubscribe links, it’s the one link, and you’ll head to the scam. That’s part of why this email is a phishing scam, as the scammer is phishing for your details, by way of you clicking that same fake link regardless of what you click on.
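The checks described in this section, written out as an added example (not something from the scam email or from Woolworths). It flags a brand name sent from a free-mail or look-alike domain, and flags an email where every link goes to the same place. The real domain woolworths.com.au, the free-mail list, the distance threshold and the sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

BRAND_DOMAIN = "woolworths.com.au"   # assumption: the brand's real domain
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # illustrative, not exhaustive

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a" and dict(attrs).get("href"):
            self.hrefs.append(dict(attrs)["href"])

def edit_distance(a, b):
    # Levenshtein distance, used to spot near-miss spellings of the brand domain.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_email(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    # Does the display name or subject claim to come from the brand?
    claims_brand = "woolworth" in (display + " " + msg.get("Subject", "")).lower()
    trusted = domain == BRAND_DOMAIN or domain.endswith("." + BRAND_DOMAIN)
    if claims_brand and not trusted:
        if domain in FREE_MAIL:
            flags.append("brand-name-on-free-mail")
        elif edit_distance(domain, BRAND_DOMAIN) <= 3:
            flags.append("look-alike-domain")
        else:
            flags.append("unrelated-sender-domain")
    links = LinkCollector()
    links.feed(msg.get_payload())
    # Button and both "unsubscribe" links all leading to one URL is a warning sign.
    if len(links.hrefs) >= 3 and len(set(links.hrefs)) == 1:
        flags.append("all-links-identical")
    return flags

# Constructed sample (made-up sender and URL): one link repeated behind every button.
SAMPLE = ("From: Confirmation <constructed.sample@gmail.com>\n"
          "Subject: We have a surprise for Woolworths Shoppers\n\n"
          + '<a href="http://prize.example/claim">OK</a>' * 3)
```

Calling check_email(SAMPLE) returns both the free-mail flag and the identical-links flag; a sender at wooolwoorths.com.au is caught by the look-alike check instead.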
How to tell it’s a scam if you accidentally click on the link
This isn’t a complex scam, and again, those telltale signs are everywhere throughout, starting with the website address, which is another outlandish link that never attempts to look like Woolworths in the slightest. That’s good, because it’s less convincing for you.
When we checked the link it was going to open, it was pretty clear it’s a fake.
But then when we let it open, we were at a fake Woolies site with a better attempt at current Woolies branding, and yet clearly still a fake webpage, dotted with fake testimonials from people purchasing e-cigarettes. Because that’s what Australia’s supermarket chain Woolworths is clearly known for (it’s not, we’re being sarcastic, if you can’t tell).
The quick way to always tell if you’re looking at a scam website is this: check the website address, the URL.
While the phrase “fake it until you make it” might stick in your head, it’s not something scammers can do with a website address. They can’t fake it easily, so don’t let them make it.
Check the website address, and think about it. If it doesn’t seem right, it’s not. Close it and move on.
Will these email scams ever stop?
The reason why it’s important to know what you’re looking for is these email scams are unlikely to stop. Scammers keep on scamming because it makes big bucks in the end, and even if you don’t click, someone will.
Not everyone knows the tips, which is why education is so important. The internet isn’t a mystical magical place that’s too complex to understand, nor is it a place where you can expect rewards and prizes waiting for you around every email, SMS, or even through a random chat bot message.
Scams will stick around, however, because scammers make millions collectively. The Australian Competition and Consumer Commission says Australians lose hundreds of millions to scammers and cyber criminals every year, and while many are wising up to these attempts, many more are still falling for it.
Knowing how to spot them is the first step in you deleting them and moving on with your life, and not falling victim. It’s the first step to dealing with them the way you would a pesky caller, and just hanging up.