An email scam purporting to be from British retailer Primark has been uncovered by a Parliament Street cyber research team. The phishing attack uses official branding to promote a fake survey, which then harvests sensitive information such as payment details, including the victim’s bank account number.
The email promises the chance to “Win £500 worth of gift cards” in return for filling in a short survey. The scam also uses official Primark logos and images to convince unsuspecting users of the email’s legitimacy.
Once a victim clicks “continue for free,” they are taken to a fake website which asks for sensitive information such as bank account details, as well as their PIN and security code.
If the addressee does not respond, a second email is sent out, beginning: “Final Message for [NAME].” The follow-up email then claims that the user has been selected to win a free £500 voucher to spend at Primark, stating: “Your eMail address was exclusively selected. We are happy to announce that you have been selected to win a voucher… Remember, you are one of the few selected, therefore your chances to win are very high [LINK]…”
The scam also uses fake Facebook pages to vouch for the legitimacy of the scheme, with one fake user linking the fake survey to their page, with the message: “You heard about this? Me and my friends are loving it, you are getting voucher to PRIMARK for answering a few very stupid questions. Take a look!”
Primark responded by saying that the email campaign and voucher offer “… is not being run, sent or supported by Primark. Please note as this is not a genuine Primark voucher, we are unable to accept it in our stores.”
Cyber security expert Andy Harcup, VP at Absolute Software, said: “Hackers will take the shirt off your back if they get hold of your personal data, so it’s vital to stay alert for these kinds of online scams.
“In this case, consumers looking for a bargain are the target, with a promise of hundreds of pounds of free spending money in Primark stores. Of course, this ‘special offer’ comes with a much higher price – which means handing over your personal address, phone number, bank account details and even your security code.
“With millions of people still working remotely, using phones, laptops, desktops, and tablets to communicate, it’s vital that the necessary cyber security controls are in place to block such attacks. It is even more important to ensure that employees are aware of and are trained on company policy and specifically how to differentiate a scam email from a genuine one.
“All it takes is for a victim to hand over confidential data and their employer’s entire system could be breached by malicious hackers. Key to this effort is the ability to track and manage devices as well as ensure the latest security updates are in place across all devices, at all times in order to keep workers and enterprise data safe.”