Fake Bunnings gift vouchers circulating

Another posse of phishing emails arrived today. Leading the charge was an email promising Bunnings gift vouchers if the recipient clicks on a button contained in the email. These Bunnings gift voucher scams have been around before, notably on Facebook. Many people have been caught out by the fake links on the Facebook post; this time the scammers are using email as the propagation medium.

Figure A shows the email. It uses authentic-looking Bunnings logos and colouring. We have blacked out the part of the email that shows the recipient’s email address. The email is fairly straightforward, informing the user they can win a $1000 voucher if they click on the continue button. The subject of the email is “Receive your bunnings Voucher!”, whilst the sender is shown as “Bunnings”.

Figure A: the fake Bunnings gift voucher email

It’s not too hard to spot this as a phishing email. For one thing, Bunnings has not listed any promotion involving a free $1000 gift voucher. In fact, the issue with fake gift card vouchers has become so prevalent that Bunnings have put a statement on their website warning users of the scam.

Mousing over the links shows a domain name that is unintelligible. One of the tactics used by scammers is long gibberish domain names. Checking the actual sender of the email shows a slightly less obscure domain name.
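The two checks described above (the displayed sender name against the actual sending domain, and link hosts that look like gibberish) can be automated on the mail gateway. The Python below is an added example, not part of the original article: the sample message is constructed, the `.example` domains are placeholders rather than the real indicators, and the `bunnings.com.au` mapping and the gibberish thresholds are assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: brand keyword -> domain the brand really sends from (not given on the page).
BRAND_DOMAINS = {"bunnings": "bunnings.com.au"}

# Constructed sample modelled on the email described above; the .example
# domains are placeholders, not the real indicators.
SAMPLE = """\
From: Bunnings <promo@mail-offers.example>
To: recipient@example.org
Subject: Receive your bunnings Voucher!
Content-Type: text/html

<a href="http://xkqzvbtrwplmhgfdsjqzxkvbnw.example/c?id=1">Continue</a>
"""

def under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def looks_gibberish(host, min_len=15, max_vowel_ratio=0.2):
    """Heuristic (assumed thresholds): longest DNS label is long and almost vowel-free."""
    label = max(host.lower().split("."), key=len)
    vowels = sum(c in "aeiou" for c in label)
    return len(label) >= min_len and vowels / len(label) < max_vowel_ratio

def analyse(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    sender_domain = addr.rpartition("@")[2].lower()
    findings = []
    for brand, domain in BRAND_DOMAINS.items():
        # Display name claims the brand, but the envelope domain is not the brand's.
        if brand in display.lower() and not under(sender_domain, domain):
            findings.append(f"sender shown as {display!r} but sent from {sender_domain}")
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    # Collect the host of every http(s) link target, which is what a mouse-over reveals.
    hosts = re.findall(r"href=[\"']https?://([^/\"':?#\s]+)", body, re.I)
    for host in sorted({h.lower() for h in hosts}):
        if looks_gibberish(host):
            findings.append(f"link host looks machine-generated: {host}")
    return findings

if __name__ == "__main__":
    for finding in analyse(SAMPLE):
        print(finding)
```

The vowel-ratio test is a cheap heuristic and will miss pronounceable lookalike domains, so treat a hit as a reason to quarantine for review rather than as proof.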

In the past, emails of this type have led users to a site that downloads malware to their PC and/or steals personal information. The domain name linked to in this email appears very similar, and we suspect the intention of the scammers is the same: to steal users’ personal information and/or install malware on their PCs.

This style of email follows established marketing techniques, in which largesse is promised in return for filling out a short survey. Whilst this email appears authentic at first glance, it is a fake. Delete it if you receive it.

Scott Reeves
