Anatomy Of A Scam: How The Woolworths Free Voucher Scam Works

You've all seen it. At least one person on your Facebook feed has most likely fallen for it. Someone posts a link out to a dubious-looking site with the words "Thanks Woolies" attached in the vain hopes that they'll be given a $400 voucher, only to have their details snagged for future identity fraud. Fed up with the scam, Troy Hunt set out to dissect what was really going on. This is the anatomy of a scam.

It's a scam so big and annoying that everyone from the Federal Government right through to Woolies, Coles and Harvey Norman have been warning people against "claiming" the "free vouchers". It's had customers hurling abuse at the respective company Facebook pages about how they are "betraying" their customers by "partnering" with these scumbags. Clearly, something has to give soon.

Troy Hunt decided to take the time to dissect what the scam actually does, but more importantly, find who is behind it. He's covered Facebook scams in the past, and is an old-hand at figuring out why people click on stupid shit.

I won't try to summarise the whole scam, because let's face it, Troy does a better job and you should read that, but needless to say, it's pretty elaborate.

It detects your location to see if you're in either Australia, New Zealand, South Africa, Canada or even Albania, before shoving a few fixed images to make you think it's legitimate. That includes fake Facebook Like counters and fake people who have also "claimed" the vouchers.

Eventually, it redirects you to the cesspool of the internet occupied by sunken-eyed harlots looking for your credit card details and fake "prize" draws for iPhones, iPods and Macs. Follow the paper trail further and further and you'll be filling out survey after survey after prize draw after prize draw.

So who's behind all this?

WHOIS records divert back to a "James Smith" — probably a fake name — operating out of Albania, but the IP address bounces into Stuttgart. This really is a global operation.

Go and read Troy's full dissection of the scam on his blog if you're interested in the mechanics of all this. Highly recommended reading.

Also, don't fall for scams. It's good to remember the golden rule that if it looks too good to be true, it probably is. Tell your friends, too. [Troy Hunt via Reddit]


Comments

    The problem is that many marketing departments of these companies, big and small, go about things contrary to established "rules" within the industry and actually do legitimately ask for these details for the very same things as are in these scams. I've heard some commentators say that "companies will never give you something for free".. but that's just not true. There are plenty of companies doing competitions and give-aways these days and the bulk of them require you to give up a bunch of personal information to enter said competition.

    One thing they will never ask you for is your bank account details or card information on the competition form. Once you've won though, they will.. and therein lies yet another hook for the fraudsters. Many of these scams are bait and switch style with often multiple steps involved, with the first one or two steps seemingly completely innocent and not even asking for much in terms of personal information.

    Rules like "too good to be true" and the others mentioned above are only good for the simple scams.. but for the more involved, professional scams.. it really comes down to experience and usually the only way to get experience is to either be in the industry of fraud/scam prevention/investigation or to be a victim.

    the company i work with have some dealings with woolworths
    woolies themselves even send a newsletter about the scam to us
    apparently it's that bad

    Companies/Corps need to be more professional in the way that they present their own competitions/deals. So the average consumer learns the difference between shifty and legit. There's only so many of us who can spot this crap right away, and many people don't listen anyways, and laugh in your (digital) face, as if you're the fool...

    I clicked on that using my iPhone 4S.
    IS it affected on the same way as computers/laptops are?
    My concern is that iPhone holds a lot of personal information.

    I like what ACCC are trying to do with the "scam watch" website http://www.scamwatch.gov.au/ and twitter feed @SCAMwatch_gov . Its got to be an overtime job keeping up with the scams (and handling hapless people who get caught up in them).

    Last edited 20/11/12 7:28 pm

Join the discussion!

Trending Stories Right Now