Bunnings gift voucher phishing scam
A Bunnings gift voucher phishing email scam has started this week. This particular campaign is similar to an earlier campaign this year. Both of these scams promise a gift card, so long as the email recipient fills out a survey form. The survey form links to a site that asks for various personal details including credit card numbers. The emails are however bogus.
For the benefit of our global readers, Bunnings is an Australian hardware chain. It has stores in Australia and New Zealand. Figure A shows the email we extracted from our email filter this morning. The subject line of the email is listed as “My Chance at Bunnings Giftcards”. The sender of the email is shown as “Bunning Giftcard”. The main heading on the body of the email is “Ultimate Bunnings Giveaway!”
The branding on the email uses authentic looking Bunnings logos. There are two links contained in the email. One is embedded in a large button containing the text “Click Here for free registration!” The other link is contained in the body of the email with the text “Register your details”. The recipient is urged to enter now, “Before it is too late!”
Unfortunately this email is bogus. Bunnings do not have any such promotion. Checking the two links shows that they lead to a phishing site. The phishing site is designed to steal details such as credit card numbers.
These types of survey emails utilise marketing tactics that are very similar to legitimate marketing campaigns. In legitimate marketing campaigns the recipient is offered some type of inducement if they fill out a survey. Often the inducement is a gift card, or the chance to win a gift card. Other forms of largesse may be the chance to win a holiday. This type of phishing email uses the same tactic, but asks for far more information than a legitimate marketing survey.