Phoney Marks and Spencer email offer spreads like wildfire

June 06, 2007 Sophos Press Release

IT security and control firm Sophos is warning computer users not to be duped by enticing email offers, following the rapid spread of a spoof chain-mail, allegedly sent by UK high street supermarket Marks and Spencer, in conjunction with Persimmon Homes.

The email promises at least £100 worth of M&S vouchers in return for forwarding the message on to at least eight people, and copying in a legitimate email address at British housebuilding firm Persimmon Homes. However, neither Marks and Spencer nor Persimmon Homes has endorsed the email and both advise recipients to delete it immediately.

The text of the emails reads as follows:

Dear all,

Marks & Spencers, in conjunction with Persimmon Homes, are giving away free vouchers. Marks & Spencers are trying word-of-mouth advertising to introduce its products and the reward you receive for advertising for them is free non-refundable vouchers to be used in any M&S store.

To receive your free vouchers by e-mail all you have to do is to send this email out to 8 people (for £100 of free vouchers) or 20 people (for £500 of free vouchers). Within 2 weeks you will receive an e-mail with your vouchers attached.

They will contact you through your e-mail address.

Please mark a copy to:
<removed>@persimmonhomes.com

"This email is one hundred percent phoney but unfortunately it is fooling users because it seems plausible given the growing trend for companies to make offers via email," said Graham Cluley, senior technology consultant at Sophos. "I would advise users intent on sharing these chain emails to check the website of the company apparently making the offer to determine its authenticity, before deciding to click the 'forward' button."

Sophos warns that forwarding other people's email addresses without their explicit permission could compromise their personal details - leaving them susceptible to spam, phishing attacks and identity theft. Furthermore, the rapid circulation of an email hoax such as this could result in a Distributed Denial of Service (DDoS) attack on the email servers of, in this case, Persimmon.

Persimmon has published an advisory on its website informing internet users that the email is a hoax, and requesting that they do not forward it on to friends, family and colleagues.

"Hoaxes of this nature may appear harmless but they can waste valuable bandwidth, impact staff productivity and place email addresses into the wrong hands," continued Cluley. "Email spreads like wildfire and forwarding one copy could result in 100 more being sent - some of which could potentially reach cybercriminals. If you receive an email that appears too good to be true, it probably is - hit the delete button straight away to save any hassle down the line."

Sophos experts recommend that computer users be wary of all unsolicited emails, and protect their email gateways with a consolidated product to defend against spam, phishing, viruses and spyware.