Phishing Hook on Computer Keyboard
Home ScamsPhishing Scams UK Post Office Online Reward Program Phishing Scam

UK Post Office Online Reward Program Phishing Scam

by Brett M. Christensen

Outline

Email purporting to be from Post Office United Kingdom claims that the recipient has received a cash reward via the Post Office United Kingdom Online Reward program. The recipient is instructed to follow a link in the message and enter his or her “bonus code” on a website form in order to claim the reward.

Brief Analysis

The email is not from the UK Post Office and the claim that the recipient is eligible to receive a cash reward is untrue. The email is a phishing scam designed to steal personal and financial information from recipients via a bogus website.

Example

Subject: E-mail Bonus #152040

Greetings from Post Office United Kingdom

Welcome to the Post Office United Kingdom Online Reward program, the first and largest loyalty program in the world!

We are proud to inform you that today, The UK Post Office rewarded you. Please take the 4 steps survey. For your effort you will be rewarded you with £

Your bonus code is P742UK2910

Please track your Bonus Code in to:

[Link removed]

and follow the reward steps.

Thank you very much for your help and your patient and hope you will enjoy the UK Post Office reward program in the future.

Sincerely,
Sandra [Removed]

UK Post Office Reward Department

 

Detailed Analysis

According to this email, which claims to be from the United Kingdom Post Office, the recipient has been selected to receive a cash reward as part of the “Post Office United Kingdom Online Reward program”. To claim the reward, the recipient is instructed to click a link in the email and enter personal and financial information, along with his or her “bonus code” into a website form.

However, the message is not from the UK Post Office and the promised reward does not exist. Those who fall for the ruse and follow the link will be taken to a fraudulent website designed to steal both their personal information and their credit card details. The link in the email is disguised to resemble a genuine UK Post Office web address. The bogus website includes graphics, formatting and secondary links designed to make it resemble the genuine UK Post Office website.
If a victim clicks on the link in the scam email, he or she will be first asked to provide name, contact and other personal details via a form on the bogus website as shown in the following screenshot:

Uk Post Office Phishing Scam - 1

Once the user has filled in this form and clicked the “Submit” button, he or she will then be taken to a second page that asks him or her to enter the “Bonus Code” included in the scam email:

Uk Post Office Phishing Scam - 2

Next, the victim will be taken to a third page that reloads the personal information submitted in the first form but also requests credit card details including the user’s credit card account password:

Uk Post Office Phishing Scam - 3

After the “Submit” button on the final form is clicked, the bogus website will display a brief “Thank-you” message before redirecting the user to the genuine UK Post Office website. Because the scam sequence eventually takes the victim to the genuine post office website, he or she may not initially realize that skulduggery is afoot. Meanwhile, all information submitted on the bogus website will be sent to Internet criminals who can use it to commit credit card fraud and identity theft.

One quick giveaway that the bogus website is not what it claims to be is the fact that the form asking for personal and financial details is not on a secure (https) server. No legitimate organization would ever ask for such sensitive information via an unsecure webpage.

This phishing scam is quite similar to a recent spate of survey phishing scams that promise recipients substantial fees for participating in brief online surveys. As in this case the purpose of these survey scams is to trick people into handing over their credit card details and other personal information. Internet users should be very cautious of any unsolicited email that claims that they can receive a cash payment or reward simply by filling in a short survey or providing their personal information. If you receive such an email, do not follow any links in the message or open any attachment that it may contain. Do not provide any information to the senders of the message either via a website form or by replying to the email.

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,
Hoax-Slayer