IT security and control firm Sophos is warning computer users
not to be duped by enticing email offers, following the rapid
spread of a spoof
chain-mail, allegedly sent by UK high street supermarket Marks
and Spencer, in conjunction with Persimmon Homes.
The email promises at least £100 worth of M&S vouchers in
return for forwarding the message on to at least eight people, and
copying in a legitimate email address at British housebuilding firm
Persimmon Homes. However, neither Marks and Spencer nor Persimmon
Homes has endorsed the email and both advise recipients to delete
it immediately.
The text of the emails reads as follows:
Dear all,
Marks & Spencers, in conjunction with Persimmon Homes,
are giving away free vouchers. Marks & Spencers are trying
word-of-mouth advertising to introduce its products and the reward
you receive for advertising for them is free non-refundable
vouchers to be used in any M&S store.
To receive your free vouchers by e-mail all you have to do
is to send this email out to 8 people (for £100 of free vouchers)
or 20 people (for £500 of free vouchers). Within 2 weeks you will
receive an e-mail with your vouchers attached.
They will contact you through your e-mail address.
Please mark a copy to:
<removed>@persimmonhomes.com
"This email is one hundred percent phoney but unfortunately it
is fooling users because it seems plausible given the growing trend
for companies to make offers via email," said Graham Cluley, senior
technology consultant at Sophos. "I would advise users intent on
sharing these chain emails to check the website of the company
apparently making the offer to determine its authenticity, before
deciding to click the 'forward' button."
Sophos warns that forwarding other people's email addresses
without their explicit permission could compromise their personal
details - leaving them susceptible to spam, phishing attacks and
identity theft. Furthermore, the rapid circulation of an email hoax
such as this could result in a Distributed Denial of Service (DDoS)
attack on the email servers of, in this case, Persimmon.
Persimmon has published an advisory on its website informing
internet users that the email is hoax, and requesting that they do
not forward it onto friends, family and colleagues.
"Hoaxes of this nature may appear harmless but they can waste
valuable bandwidth, impact staff productivity and place email
addresses into the wrong hands," continued Cluley. "Email spreads
like wildfire and forwarding one copy could result in 100 more
being sent - some of which could potentially reach cybercriminals.
If you receive an email that appears too good to be true, it
probably is - hit the delete button straight away to save any
hassle down the line."
Sophos experts recommend that computer users be wary of all
unsolicited emails, and protect their email gateways with a
consolidated product to defend against
spam, phishing, viruses and spyware.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.