Woolworths hit by email scam that asked customers for their credit card details



Woolworths is the latest Australian business to be targeted by scammers, with the supermarket giant warning customers to steer clear of a scam email that landed in consumers’ inboxes earlier this year.

Recipients of the scam email were invited to complete a “Customer Satisfaction Survey”, according to screenshots posted by shoppers on the Woolworths Facebook page.

The email, which was not sent by Woolworths but contained the Woolworths logo and a photo of a supermarket employee, offered the shoppers a reward of $50 for completing a “quick and easy survey”, telling them they had been selected for the survey by “Woolworths Online Department”.

The email asked shoppers to click on a link, which took them to a screen asking for their full name, address and credit card details.

Woolworths responded on Facebook by telling customers the email is a scam that it has no association with.

“Please be sure not to reply to this email or click on any links,” Woolworths said.

A spokesperson for Woolworths told SmartCompany this morning, “Woolworths will never ask our customers for their personal or banking details in unsolicited communications and customers should always contact our customer service centre … if they have any concerns”.

The spokesperson says Woolworths reports all scams to the Australian Competition and Consumer Commission’s SCAM Watch and regularly posts warnings on its Facebook page and website to alert customers to potential scams.

AVG security advisor Michael McKinnon told SmartCompany large corporates such as Woolworths are popular targets among scammers, although he says scammers usually offer more than $50 to lure victims.

“It’s all about brand recognition. It’s all about picking a brand that most people will be aware of and that’s why they pick Woolworths,” he says.

McKinnon says these large companies often send out large volumes of emails to members of their loyalty programs and scammers can use this to their advantage.

But that doesn’t mean SMEs won’t also be targeted by scammers.

“It comes back to customers being able to authenticate the emails your business sends,” McKinnon says.

“If you are running your own email campaigns and are afraid of being targeted… you need to make sure you’ve put all the protection in place that is available to you to stop other people using your domain name when sending emails.”

McKinnon says businesses should be utilising security techniques such as Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM).

“Both of these are techniques that can be employed to protect domain names, in particular, to authenticate emails so that scammers pretending to come from your domain, those emails will be rejected by spam filters and won’t be effective,” he says.

McKinnon’s other tip for businesses is to customise the emails they send their customers so that they always display the customer’s full name.

“Make it known that they should expect to see their full name in emails from you,” he says.

“If they are aware of that, they will easily be able to spot a fake email.”

