- What do the spoofed Living Social emails look like?
- 3. Amazon scam emails
- DHL scam email
- Currys email scam
- What happens if an email fails DMARC?
- What additional checks should I carry out on a suspicious email?
- I think I’ve been taken in by a fake email, what should I do?
- How can I report fake emails?
Scam emails posing as well-known brands will often pop up in your inbox pretending to be from companies you buy from, such as this phishing purporting to be from Tesco.
Amazon is one brand urging people to be on high alert as we enter one of the busiest periods for online Christmas shopping. Last-minute shoppers are more likely to head online to secure a gift - leaving them potentially more vulnerable to scammers hoping to cash in.
Many of these scam emails are sent from email addresses that quite clearly have nothing to do with the brands they claim to be from, which is an easy way of telling a fake from a genuine communication.
But some phishing emails take it a step further by spoofing a legitimate firm's email domain, making fake emails more difficult to spot.
But interacting with the email will only lead you to websites that have nothing to do with the brands involved. These sites will likely be dangerous and attempt to extract personal information from you, which could include your bank/card details.
Some emails spoof the email domain of the online discount marketplace website Living Social - in reality these email have nothing to do with Living Social or the brands shown.
We have examples including your favourite shopping stores.
Scam emails warning
What do the spoofed Living Social emails look like?
Here are five examples of emails spoofing Living Social’s email domain that have nothing to do with Living Social or the brands shown:
1. ASDA email scam
This email posing as supermarket ASDA offers a £500 gift card and other ‘special prizes’. This is similar in tactics to other ‘gift card’ emails and even looks to create a sense of urgency by stating that the offer is due to expire.
2. Aldi scam email
Aldi scam email
Again this email poses as a UK supermarket and uses the gift card/voucher hook, combined with an expiry time/date.
Aldi confirmed that it has no connection whatsoever to the email.
3. Amazon scam emails
Fake Amazon email #1
The most common scam uses correspondence that suggests you have ordered a product but confirmation is needed before it can be shipped. The scammers then try to convince you to provide payment or bank account information or even install software on devices to complete the order.
Amazon says orders can always be verified by logging into your Amazon account - and Customer Service is available 24/7 to assist.
Fake Amazon email #2
Amazon is not running this ‘customer survey’ or offering ‘exclusive rewards’ and ‘free shipping’. This email will take you to a site that has nothing to do with Amazon.
Fake Amazon email #3
Once again, Amazon is not offering ‘rewards’ - attempting to ‘claim’ this reward will not take you to a genuine Amazon website.
Amazon has a dedicated page explaining different types of gift card scams impersonating the brand here.
4. DHL scam email
Fake emails and text messages commonly impersonate delivery companies. This is another fake designed to intrigue you to interact with it under the pretence of a parcel/delivery.
5. Currys email scam
Currys is not running this Smeg loyalty programme. Again, clicking through will take you to a website that is not affiliated with Smeg in any way.
All of these emails arrived with the sender displaying as ‘info@livingsocial.co.uk’ - all of them failed DMARC. Living Social is not responsible for the emails and has confirmed that they were sent fraudulently.
Smeg confirmed that it has no affiliation with the email displaying its product.
What happens if an email fails DMARC?
Domain spoofing can happen when a domain is not protected by DMARC (Domain-based Message Authentication, Reporting & Conformance), a security standard designed to prevent unauthorised email senders using a domain they do not own.
In the event that an email fails DMARC, this should be picked up by the recipient’s email server, which should then direct the suspicious email automatically to your junk/spam folder.
This is helpful, but with the emails lurking in that folder, some who spot them could still be tempted to believe they’re genuine based on the supposed sender.
Each of the spoofed Living Social emails were detected as DMARC failures by Microsoft and sent directly to the recipient’s junk/spam folder.
What additional checks should I carry out on a suspicious email?
It’s important that you conduct additional checks on any communication you receive if you’re unsure of its legitimacy. Hover over the email’s links to see where it is taking you - does the URL look suspicious?
Take into consideration how the email has arrived - is it offering you something out of the blue? Has the email addressed you impersonally? Is it trying to create a sense of panic or urgency?
If the answer to any of these questions is ‘yes’ then you should not interact with the email. If you’re still unsure, contact the brand it purports to be from via its official channels, away from the email itself.
I think I’ve been taken in by a fake email, what should I do?
If you’ve entered sensitive information, such as your bank/card details, into a third-party site you were taken to via a suspicious email, you need to let your bank know what’s happened via its official channels ASAP.
Your bank should work with you to cancel your card, block any pending payments (if required) and refund the money you’ve lost.
You should also then keep an eye out for any follow-up scams that could occur if you’ve given contact details, such as your email address or phone number, away to fraudsters. Treat any contact you receive out of the blue with caution.
How can I report fake emails?
Fake emails and phishing websites can be reported to the National Cyber Security Centre at report@phishing.gov.uk - action can then be taken to remove these websites before anyone else falls victim.
If you’re going to warn friends and family about a fake email, send them a screenshot - do not forward the email on directly.
A spokesperson for Living Social said: “Thank you for your email and for bringing this matter to our attention.
“We have checked the headers of the emails in question and spoken to Proofpoint who monitor and maintain our email security records. They have advised that everything is in order on our side and that the emails in question, which have been sent by a scammer, have failed authentication and should have been moved by Microsoft on receipt to the Spam folder.
“We would advise consumers to be alert to fake emails and to be especially careful about opening and reacting to things that are in their spam folder. If a customer has any concerns about whether an email they have received with a Living Social domain is spam or not, they can reach out to our customer services team here with a screenshot of the email to clarify.”
-
-
Octopus Energy relaunches energy tracker deal – we explain what you need to know and if it could save you money
If you’re an Octopus Energy customer, you may be able to save on your energy bills with the relaunch of its tracker deal. We look at how it works
-
Three energy firms pay £8m in switching compensation - has your provider paid out?
More than 100,000 customers have received compensation after changing providers, but is now a good time to switch energy suppliers?
-
Save on petrol: how to save 5p off a litre of fuel at Morrisons
Petrol prices may have been falling since last summer but every penny counts at the pump. Here’s how to save 5p a litre at Morrisons for a limited time
-
Morrisons relaunches discount scheme with cheaper prices for loyal shoppers
Morrisons is the latest supermarket to revamp prices and offers for its loyalty scheme members
-
Coronation freebies and discounts: what’s up for grabs
From free railcards and holiday giveaways to discounts off food, we highlight the special offers launched to mark the coronation of King Charles III
-
8 ways to get interest-free money if you’re struggling
Here are 8 clever ways to get interest-free income if you’re struggling with the rising cost of living
-
Best birthday freebies and discounts
Enjoy your special day with these birthday discounts and freebies - we highlight 22 of the best offers
-
Festival ticket scam warnings – how to protect yourself
Concert ticket scams have rocketed by more than 500% over the past year, while festival fraud has more than doubled. Here’s how to keep yourself safe ahead of the festival season.
-
Co-op Member Prices: Supermarket unveils discount scheme for loyal shoppers
New Co-op scheme means reduced prices for shoppers who join the co-operative. How much does it cost to join, and how does it compare to similar schemes run by Sainsbury’s and Tesco?
-
Emergency alert test: what to expect and how to avoid being scammed
We tell you everything you need to know about the UK’s first emergency alert test, which takes place this Sunday
