Every Little Helps...

Is the catchphrase for Tesco [a very well known UK supermarket] who sent me an e-mail today informing me that I "have added an additional email address to my account", see below for the full e-mail:



The email address it was sent by was "customer@tesco.com" which is also the return address in the raw e-mail headers too. So, let's see where we end up when we click on one of the four links in the e-mail itself, shall we?

Here's a screenshot of the website that we end up on [using Opera 9.50].....Hmmmm...Tesco.com [according to the tab text]. Looks like the real thing, but is it?



How many of you spotted the red warning in the browsers address bar? It reads [!Fraud site]*. Bit of a giveaway, and also when I clicked on the link in the e-mail it actually goes to a dotted IP address, before being redirected [probably some form of click fraud] to the bogus Tesco.com site shown in the screenshot above. Yes, it is a Phishing site, not the real Tesco.com at all!

So, what is the site and what is it trying to achieve?

Well, this appears to be a Phishing scam, but instead of being targeted at a bank or other financial organisation, or Paypal, eBay, eGold, etc. it is targeting customers of a supermarket instead. This is the first time I've seen a supermarket being the target of a Phishing scam run, most unusual!

Not sure why the bad guys and girls are targeting Tesco customers, unless the stolen customer login details are just a way for them to gain access to any stored credit/debit card details on the Tesco.com account? Maybe they are just hungry ;-)

So, is this a new trend, can we expect similar Phishing scams for Sainsbury's, Waiterose, Marks and Spencer's and Morrisons? Unfortunately, I expect so, so please be very careful and if you have the option on any such service do NOT store your credit/debit card details, it may make shopping faster, but it also makes identity theft easier too.....as Tesco states "Every Little Helps", just don't let it be true for the bad guys and girls allowing them to gain access to your personal information and credit/debit card details.

* This is a new feature in the latest version of Opera.