
I am getting rather fed up of seeing posts in the feeds of my Facebook Friends, including many who really should know better, advertising a supposed £175 value Tesco supermarket voucher giveaway. I say 'should know better' as the culprits have included technology journalists, computer magazine editors and IT consultants; all of whom must surely know that if it looks too good to be true then it's a scam.

And scam it quite patently is. Following on from a similar Tesco voucher scam at the end of last year, this new one adopts the same approach: in order to claim the 'free' voucher, the victim first has to share the 'offer' with their friends on Facebook whilst at the same time posting a comment that says 'Thanks Tesco' in a matey fashion (thus distributing the scam to the widest audience using the trust model - "if my mate is sharing this, and thanking Tesco as well, it must be kosher") and then click on a link that takes them to a page where the voucher claim can be completed.

Of course, by this point one would hope that installed and up-to-date anti-malware software would remind the victim that they appear to have left their common sense at the door, and warn them not to be so silly as to load the page in question. Failing that, the victim will be greeted with a page that to all intents and purposes looks like Tesco's own, as it has copied the supermarket giant's branding for just that purpose.

What happens next? Well that very much depends on the whim of the scammers from day to day, but the usual payload is the old survey-filling one-two-three.

One: fill in your personal details (they will come in handy for identity theft and further scams).

Two: complete this survey (these are often genuine third party surveys, but the scammer will get a referral payment for every survey that is completed).

Three: be tempted by the adverts offering more great deals (which will either provide the scammer with click-through revenue, or direct the victim to yet more scams and the potential of drive-by malware installation for good measure).

Interestingly, another UK-based supermarket chain is also the subject of an ongoing and current voucher scam. However, I have not seen a single 'Morrisons voucher' posting within my Facebook newsfeed, but have seen at least a dozen of the Tesco variety so far.

If you think you may have fallen for either of these scams, or any other, please go to your profile page and from there delete the offending posts that advertise them and may lure other people into clicking through.

Oh, and although I shouldn't really have to say this, you will not be getting a discount voucher no matter how many surveys you have completed...

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.


As soon as I retweeted this (one of my Facebook/Twitter friends had clearly gone for the voucher) I received a tweet from a totally unknown user with a link in it. On a protected system, I checked the link and all sorts of alarms were set off on the anti-malware software. Coincidence? I think not.


Chain-gun mail with a hidden handgrenade. You'd think by now, people would've cottoned on. Hah. I can't help but feel that they deserve everything they get. If you're so dopey as to fall for this, then it's clearly Darwinian.


That's just the thing though, some of the people that I am seeing who are getting caught are exactly the people I wouldn't think would be so gullible: a tech magazine editor/publisher, a respected IT journalist, an IT consultant, etc. They all know about scams, and are aware of the 'do not click' mantra. What is happening, I think, is that they haven't transitioned their scam detection awareness from web to social networks, whereas the bad guys clearly have made the move.
