Wednesday, January 05, 2011

Sainsbury's emails and the case of the wrong domain.

As has probably been mentioned I shop at Sainsbury's (as well as Co-op, Morrisons & local non-supermarket stores I hasten to mention) and I have a Nectar card which is handy as it works with Amazon and various other online stores as well as in some 'real world' stores too.

As part of this devil's pact I often get emails from Nectar and Sainsbury's and normally I pay a huge amount of attention to them (is zero a huge amount?); however for once I took a look at the latest picture-heavy html email that was flushed my way and hovered over the "If you cannot see this email, please click here" link and where does it want to go to?

trc.emv2.com/HM?a=[and a whole shed load of alphanumerics]

Hovering over every link and it wanted to take me to the same domain except "To ensure that your Sainsbury's emails get to your inbox, please add email@sainsburys.emv1.net to your address list or safe list." okay that's a whole other domain.

Was this a one-off? I checked the archive way back to Jan 09 and would you look at that it's emv2 and emv1 for every single one.

Now what's the first thing every computer user is taught (or at least should be) about clicking on links in emails that purport to be from someone official - Check that the actual address you're going to looks legitimate. That email from your bank telling you they're about to close your account unless you reset your password wants to take you to bankname.imacrook.lawless I don't care even if the text looks right don't click on it if the address doesn't match your expectations.

So is this legit or what? Short answer I don't know. The domains don't seem to be connected to Sainsbury's in any obvious manner and the only tiny bit of information that isn't about "Europay, MasterCard and VISA" led me to the only Sainsbury's hosted page and that was a forum where anyone could post; hardly conclusive.

Now from content I'm pretty sure they come from Sainsbury's, but just to set the cat among the pigeons I've just used their contact form laying out the link problem, the lack of information on their site and my conclusions are that these are fake and thus worthy of investigation.

If they come back with a 'Oh yes that's us' they'll feel the rough end of my tongue; if not I have to say well played to the scammers for such a well-worked email.

Response 1 and Final Verdict

2 comments:

Anonymous said...

Interesting! I'm getting stuff purporting to come from EE, also linking to trc.emv2.com, so I'll be writing to EE to report it as probable spam.

Anonymous said...

Interesting! I'm getting stuff purporting to come from EE, also linking to trc.emv2.com, so I'll be writing to EE to report it as probable spam.