Coles Voucher phishing email
“Win Free Groceries!” begins an email that landed in our email filters this morning. This is an email that is purporting to be from Coles, and promises a $50 voucher if the recipient clicks through a link to a survey page. Sadly, it leads to a phishing site that will harvest the victim’s personal details. The Coles voucher email is another in a collection of phishing emails.
Figure A is a screenshot of one of the emails. We have blacked out any parts containing names of intended recipients. For the benefit of our international readers, Coles is an Australian supermarket chain, established in 1914. The subject of the email reads “You are selected to win a coles voucher!” The sender of the email is listed simply as “Coles”.
The email heading begins with: “Congratulations! Win free groceries!” which is eye catching. The Coles logo is embedded in the email and is a copy of the genuine Coles logo. A button with the words “Continue For Free!” inscribed contains a link to an external site.
The body of the email informs the recipient that they are “giving away free groceries.” In order to obtain a voucher for free groceries, the user is invited to click on either the button or a second link with the text “Participate now”. A standard opt-out is fixed to the bottom of the email. This contains the third link in the email. Sadly, anyone clicking through to the end doesn’t get to a genuine Coles voucher. Even worse, the site requests credit card details, so they may find that their credit card is used without their consent.
There is one big red flag that this is not a genuine email from Coles. The links at the button and in the text of the email do not lead back to Coles. Instead, they lead to a phishing site. The first two links lead to the same site, whilst the third (in the opt-out section) leads to a different area on the same phishing site. Delete this email if you receive it.