That Free Gift Offer That You Just Got In Your Email Inbox Is Likely A #Scam
Here’s a different type of scam that I would like to tell you about. You might have gotten an email like this in your inbox recently:
So I happen to be a CAA (Canadian Automobile Association) member. Thus I might have been enticed to click that “Get It Now” button. Even if I am not a member of CAA, the fact that I might get something for free might entice me to click the same button. But you shouldn’t do that. Instead, you should take a good hard look at this email to see if it’s from CAA. And that’s best done by looking at the email address that it came from:
Well, that’s a quick #fail right there as this clearly didn’t come from caa.ca. So we know that this is a scam from that alone. But the other hint that this is a scam is that there is nothing in this email that identifies me. Not my name, or account number or anything like that. That’s because this is being mass mailed out to thousands of people hoping that 1% will fall into the trap.
But what is the scam? Well, when I clicked on the link, which to be clear you shouldn’t ever do, I got taken to this website:
This is a decent replication of a website that CAA might have created. But the address bar makes it clear that it’s not CAA. Nor does CAA ask you to show notifications from a third party site. On top of that, I noted that it used geolocation to allow the site to target specific people in a specific geography. Canada in this case. It also didn’t like the VPN that I employ to cover up where I am investigating from. So that says to me that the threat actors behind this have some level of skill.
You then get walked through a fake survey. And at the end of it you get this:
Oh cool. A free car emergency kit with a fake testimonial to make it more convincing. When in reality it isn’t real. So let me claim my reward.
Well, this is interesting. I am now “today’s winner”. That’s odd. And if you blow up this picture and look at the address bar, the address has changed. That’s also odd. So is the fact that when I look at the bottom left corner, “Susan from Chicago IL” ordered one of these. Why would anyone from the United States have anything to do with CAA? But the key point is that you have to pay $9.95 for shipping. But what the threat actors are actually after is your personal information and credit card details. That way at the very least, they can go to town using your credit card. Or at worst, they can steal your identity.
So, what’s the take home message here? If you get something in your inbox that offers something to you for free, take a good hard look at it as it may be a scam. And if you don’t have any products or services from the company who is claiming that they want to give you something for free, then you should absolutely run in the other direction. And never, ever share any personal information with any random website. Because once you lose control of your personal information, it’s next to impossible to get control of it again.
This entry was posted on September 18, 2024 at 8:59 am and is filed under Commentary with tags Scam. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
That Free Gift Offer That You Just Got In Your Email Inbox Is Likely A #Scam
Here’s a different type of scam that I would like to tell you about. You might have gotten an email like this in your inbox recently:
So I happen to be a CAA (Canadian Automobile Association) member. Thus I might have been enticed to click that “Get It Now” button. Even if I am not a member of CAA, the fact that I might get something for free might entice me to click the same button. But you shouldn’t do that. Instead, you should take a good hard look at this email to see if it’s from CAA. And that’s best done by looking at the email address that it came from:
Well, that’s a quick #fail right there as this clearly didn’t come from caa.ca. So we know that this is a scam from that alone. But the other hint that this is a scam is that there is nothing in this email that identifies me. Not my name, or account number or anything like that. That’s because this is being mass mailed out to thousands of people hoping that 1% will fall into the trap.
But what is the scam? Well, when I clicked on the link, which to be clear you shouldn’t ever do, I got taken to this website:
This is a decent replication of a website that CAA might have created. But the address bar makes it clear that it’s not CAA. Nor does CAA ask you to show notifications from a third party site. On top of that, I noted that it used geolocation to allow the site to target specific people in a specific geography. Canada in this case. It also didn’t like the VPN that I employ to cover up where I am investigating from. So that says to me that the threat actors behind this have some level of skill.
You then get walked through a fake survey. And at the end of it you get this:
Oh cool. A free car emergency kit with a fake testimonial to make it more convincing. When in reality it isn’t real. So let me claim my reward.
Well, this is interesting. I am now “today’s winner”. That’s odd. And if you blow up this picture and look at the address bar, the address has changed. That’s also odd. So is the fact that when I look at the bottom left corner, “Susan from Chicago IL” ordered one of these. Why would anyone from the United States have anything to do with CAA? But the key point is that you have to pay $9.95 for shipping. But what the threat actors are actually after is your personal information and credit card details. That way at the very least, they can go to town using your credit card. Or at worst, they can steal your identity.
So, what’s the take home message here? If you get something in your inbox that offers something to you for free, take a good hard look at it as it may be a scam. And if you don’t have any products or services from the company who is claiming that they want to give you something for free, then you should absolutely run in the other direction. And never, ever share any personal information with any random website. Because once you lose control of your personal information, it’s next to impossible to get control of it again.
Share this:
Like this:
Related
This entry was posted on September 18, 2024 at 8:59 am and is filed under Commentary with tags Scam. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.