Scam alert: Dyson loyalty programme
A member of the public recently received an email from Dyson, giving them the chance enter a prize promotion. The email came from a genuine-sounding email address – firstname.lastname@example.org – but the recipient was suspicious and forwarded it to Which’s scam alert service.
At first glance the email certainly looked pretty plausible. The full text is below, with the clickable phrases highlighted in bold:
Hurry! Last chance to claim your prize!
Congratulations, you have been selected to participate in our loyalty program!
Every week we select a few lucky users to receive prizes from our sponsors. Today is your lucky day!
Spin the prize wheel now to see which prize you can claim.
But hurry! This giveaway ends soon!
Claim your special prize.
If you wish to stop receiving these messages, Please write to: 53 South Street London WC53 4CF
However, alarm bells started to ring because the recipient doesn’t own any Dyson products – not the original bagless vacuum cleaner, nor one of the firm’s hair care tools and not the stylish looking air purifier either – so, given that they hadn’t displayed any loyalty whatsoever to Dyson, it seemed unlikely that they would be invited to join a Dyson loyalty programme.
It’s not a Dyson
The good folk at Which? showed the email to Dyson and the company confirmed that it hadn’t sent it and it hadn’t authorised the use of its domain name – that’s the part of a web address that identifies who owns it, for example prizeology.com show that web address belongs to Prizeology.
A spokesperson for Dyson said: “At Dyson privacy is engineered into everything that we do and we take security and our owners’ data extremely seriously. We are investigating this fraudulent email and are implementing various measures to mitigate this happening in the future.”
The company also pointed out that its systems have not been breached or compromised in any way, and that anyone receiving a phishing email like this should report it to Action Fraud and the National Cyber Security Centre (NCSC) on email@example.com, which is definitely good advice.
Yes, this was clearly a phishing email. Phishing is when someone online attempts to obtain sensitive information, such as a username, password, credit card number or other personal data by impersonating a trustworthy body such as a well-known company, a bank or a government department.
If you do think you’ve fallen for a phishing scam and given a scammer your financial details – and don’t berate yourself if you do, because the scammers are smart and it can happen to anyone – contact your bank as soon as you possibly can.
So going back to the scam email itself, the recipient was immediately wary because they didn’t have a Dyson and, in fact, they were right about that, because there isn’t a Dyson UK loyalty programme running at the moment. What other signs were there, though, that the email was a scam?
I can only spot a couple of what are probably deliberate errors – ‘program’ is the American not the British spelling and in the last line there’s a rogue capital P. I think those errors are probably deliberate, because scammers use poor grammar and spelling to sift out people who they don’t believe will fall for their scam and home in on those who will (I’ve written about this before and it’s one of my most popular posts).
There are two other points that start alarm bells ringing for me. One is that the scammers appeared to be using the American .com rather than the British .co.uk. If you type dyson.com into your internet browser it swiftly redirects to the .co.uk address, so surely if the email was genuine Dyson would have used .co.uk in the first place?
The other is that physical address at the end. Prizeology is based in London, so I’m familiar with London postcodes and this doesn’t look like a real one, although there does seem to be a South Street in the smart central district of Mayfair. However, Google that full address and you’ll find that not only does it not exist, but it has also been used in similar scam email purporting to offer prizes and vouchers from Aldi and Just Eat.
What happened next…
So what would have happened if the Dyson-less recipient had clicked in order to get the giveaway? Interestingly, in the Which? comment conversations, someone called Heather Soper says: “I believed the Dyson email, spent £5. It was afterwards I wondered if it was a scam so I called my bank and they put a stop on my card. No money was taken.” Fortunately, on this occasion the scammers didn’t get access to Heather’s bank account, but this underlines how plausible scams can seem.
One Chris Wood also says, “I realised it was a scam, but since they were only asking me to register and pay a ‘fee’ of £1, I went ahead to see what happened. A day later, I had a text purporting to be from my bank saying that money had been taken from my account and I should call this number and use this pin. Needless to say, I called my bank who confirmed that there had been no money taken, except the £1. Clearly, it was an attempt to obtain my bank details.”
Again, all’s well that ends well, but I personally wouldn’t advise going ahead just to see what happens…
Sarah Burns is Prizeology’s Chief Prizeologist and a National Trading Standards Scams Team Scambassador.
© Prizeology and The Prizeologist Blog, 2021. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited.