Uncover the “Sainsbury Gift Card PayPal” Scam Email

A new phishing scam email purporting to be from PayPal and Sainsbury’s is circulating, attempting to trick recipients into believing they have erroneously sent money for a Sainsbury’s gift card. This fraudulent email includes all the hallmarks of a scam and should not be trusted.

This article will provide an in-depth overview of how this scam works, how to identify it, steps to take if you received the email, and measures to avoid falling victim. With online shopping and digital payments growing rapidly, awareness of such scams is essential to protect yourself.

Overview of the Scam

The fake “Sainsbury Gift Card PayPal” email claims the recipient has sent a payment of £699.99 to Sainsbury’s for an eGift Card. It instructs the recipient to call a provided UK phone number (+44 203 787 9991) supposedly belonging to PayPal, to reverse the non-existent transaction.

This is a complete fabrication by scammers intended to deceive. The email and phone number are not legitimate PayPal or Sainsbury’s contacts. The scam aims to obtain personal information and money from victims by pretending to provide customer support.

Objectives of the Scammers

The objectives behind this scam email are:

  • Obtain personal information – By calling the number, scammers will try to gather private data like full name, address, banking details, etc. This can then enable identity theft.
  • Install malware – Scammers may try to get victims to download files containing malware that will infect their device and compromise sensitive data.
  • Gain remote access – Scammers will attempt to get remote access to your computer under the pretense of helping reverse the fake transaction. This allows them to steal data directly.
  • Make fraudulent charges – With your personal and banking information, scammers can make unauthorized transactions from your accounts.
  • Extort money – Scammers will pressure and manipulate victims into sending money via wire transfers, gift cards, cryptocurrency, etc. to “cancel” the non-existent transaction.

Why Sainsbury’s and PayPal?

This scam email exploits two well-known UK brands that many people would reasonably have accounts with or make online transactions for groceries and shopping. Using trusted company names makes the email appear more legitimate and tricks unsuspecting recipients.

The scammers aim to create a sense of urgency and threat, making recipients more likely to contact the number without carefully examining the email first. Failing to identify this as a scam can have severe financial consequences.

How the Scam Works

The scammers operate this fraud through the following process:

  1. Send phishing email – Using the spoofed “@Sainsbury.com” sender address, scam emails are distributed en masse to potential victims. The email is made to look like official correspondence from PayPal and Sainsbury’s.
  2. Recipient contacts number – Worried recipients call the phone number provided, believing they are contacting PayPal customer support. The number is answered by scammers posing as representatives.
  3. Scammer verifies personal information – To “pull up your account”, the scammer asks for personal information – name, address, date of birth, credit card details etc.
  4. Scammer provides fake support – The scammer makes up reasons why the payment is pending and needs to be reversed, asking the victim to install software, provide credit card info, share login details, etc.
  5. Scammer pressures victim for money – Ultimately, the scammer insists the victim send money urgently via wire transfer, prepaid gift cards, cryptocurrency, etc. to cancel the non-existent transaction.
  6. Scammer disappears – Once payments are made, the scammer disconnects communication and disappears with the victim’s money and information.

How to Spot This Scam Email

While this email may look convincing at first glance, there are several indicators that reveal it as an outright scam:

  • Sender address – The email comes from a @Sainsbury.com address. Real PayPal emails would never be sent from a grocery retailer’s domain.
  • Generic greeting – Addressing the recipient simply as “Hello” or “Hi”, rather than their name, indicates a mass-sent scam email.
  • Spoofed phone number – The +44 203 number does not belong to any legitimate PayPal or Sainsbury’s customer service. The number is controlled entirely by scammers.
  • Request for personal information – PayPal would never cold call to confirm sensitive account details like SSN, bank account numbers, etc. over the phone.
  • Sense of urgency – Tactics like “call immediately” and threats of account suspension are intended to panic recipients into contacting the scammers without thinking.
  • Poor grammar/spelling errors – The email contains typos, awkward phrasing, and formatting mistakes no official correspondence from PayPal would have.
  • No transaction details – Beyond the amount, no specific details of the supposed erroneous Sainsbury’s gift card transaction are provided.
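
The indicators listed above can be checked mechanically by a mail filter or triage script. The following Python is an added example, not part of the original article; the sample message is constructed from the details described here, and the PayPal domain allowlist, the regexes and the function name are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allowlist of sending domains per brand; adjust for your own mail flow.
BRAND_DOMAINS = {"paypal": {"paypal.com"}}
GREETING = re.compile(r"^(hello|hi|dear (customer|user))\s*[,!.]?$", re.I)
PHONE = re.compile(r"\+?\d[\d\s().-]{8,}\d")
URGENCY = re.compile(r"call (us )?(immediately|now)|suspen(d|sion)|within \d+ hours", re.I)

# Constructed sample modelled on the indicators in this article (not the real email).
SAMPLE = """\
From: PayPal Service <billing@Sainsbury.com>
To: user@example.org
Subject: Invoice for your Sainsbury's eGift Card

Hello,

You sent a payment of 699.99 GBP to Sainsbury's for an eGift Card.
If you did not authorise this, call immediately on +44 203 787 9991
or your account may be suspended.
"""

def indicators(raw: str) -> list[str]:
    """Return the names of the scam indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = f"{display} {msg.get('Subject', '')} {body}".lower()
    found = []
    # A brand is named in the message, but the sender domain is not that brand's.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in text and not any(domain == d or domain.endswith("." + d) for d in domains):
            found.append("brand_domain_mismatch")
    # First non-empty body line is a bare greeting with no recipient name.
    lines = [line.strip() for line in body.splitlines() if line.strip()]
    if lines and GREETING.match(lines[0]):
        found.append("generic_greeting")
    # The body asks for a phone call rather than pointing to the account itself.
    if PHONE.search(body):
        found.append("callback_number")
    if URGENCY.search(body):
        found.append("urgency")
    return found

if __name__ == "__main__":
    print(indicators(SAMPLE))
```

An empty result does not prove a message is genuine, because the From header itself can be forged; the checks only flag the patterns this scam relies on.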

Verifying the Email and Number

To confirm this email is fake, you can contact PayPal’s official customer service through their website and app. Do not use any number provided in the suspicious email. You can also call Sainsbury’s to inquire if they sent the email.

Searching online for the phone number will also reveal other reports of the number being used in similar gift card scams – proof it is not legitimate.

What to Do If You Receive This Scam Email

If this fraudulent PayPal and Sainsbury’s email appears in your inbox, take the following recommended steps:

  • Do not click any links or call the number – This could compromise your device or lead to you falling victim via the scam call center.
  • Forward to PayPal – Forward the scam email to PayPal at phishing@paypal.com to report the phishing attempt.
  • Report the email – Report the scam email as phishing/spam within your email client. This helps warn others of the scam.
  • Change passwords – Even if you did not fall for the scam, it is wise to change passwords for your PayPal account and any other financial accounts as a precaution.
  • Monitor accounts – Keep an eye on your PayPal, bank, and credit card statements over the next weeks for any signs of unauthorized access or activity. Report it immediately if detected.
  • Update security – Enable two-factor authentication on your PayPal account and other important accounts to add an extra layer of security from phishing attacks.
  • Warn contacts – Let your friends and family know of the new scam email targeting PayPal and Sainsbury’s customers, so they can identify and avoid it.

Avoiding Gift Card Payment Scams

While this specific email refers to Sainsbury’s, similar scams impersonating major retailers, tech companies, government entities, etc. are common. Here are some top tips to avoid becoming a victim:

  • Know legitimate payments – Real companies will never cold call or email demanding emergency payments via gift cards, cryptocurrency, wire transfers etc. These are scammer-preferred payment methods.
  • Double check domains – Email addresses can easily be spoofed. Verify that any call-to-action links point to legitimate web domains – not slight misspellings.
  • Do not trust caller ID – Scammers often spoof real customer service numbers. Independently look up and call official numbers listed on the company’s website.
  • Never share passwords or pin codes – Real reps will never ask for your full password or code. Only scammers make such requests.
  • Avoid clicking links – Even if an email looks legitimate, clicking included links can expose you to malware, spoof sites, or other threats. Manually navigate to sites if needed.
  • Use antivirus software – Malware and viruses can compromise your data and enable scams. Keep your computer protected.
  • Enable MFA/2FA – Multifactor or two-factor authentication (via SMS, authenticator apps, security keys, etc.) adds crucial account protection beyond just passwords.

Staying vigilant against scams and equipping yourself with knowledge of common techniques is key to avoiding becoming another victim.

What to Do if You Fell Victim to This Scam

If you unfortunately called the number and fell victim to the scam, take these steps immediately:

  • Contact your bank – Alert your bank and credit card companies to reverse any fraudulent transactions or stop payments. Cancel any compromised cards.
  • Change passwords – Change the passwords for all your online accounts, prioritizing financial accounts and your email account. Enable MFA where possible.
  • Scan devices – Run comprehensive antivirus scans to remove any potential malware installed during the scam call.
  • Report to authorities – File a report about the fraud with local law enforcement and bodies like the FTC and IC3. Provide all details of the scam.
  • Inform companies – Contact PayPal, Sainsbury’s, and any companies the scammers now have information on to warn them of potential account abuse.
  • Monitor credit – Keep a close eye on your credit reports with Equifax, Experian, and TransUnion for any signs of fraudulent accounts or activity. Consider a credit freeze.
  • Seek other guidance – Consult with your bank, experts, government agencies, and resources like VictimSupport.org to secure accounts and recover lost funds.
  • Warn others – Share your experience publicly or with friends and family to prevent others from falling victim to the same scam.

Frequently Asked Questions

Is this email really from PayPal?

No, this scam email is not sent by PayPal. It spoofs PayPal’s branding and identity in order to trick potential victims. PayPal would never contact you demanding emergency payments via unusual methods or asking for sensitive personal data over a call.

Can PayPal reverse a gift card payment?

PayPal cannot reverse or refund payments made with gift cards, as the transaction occurs entirely between the retailer and card provider. PayPal also cannot cancel a gift card payment without collaboration from the retailer. This demonstrates the scam’s claims are implausible.

Is the customer service number real?

The +44 203 phone number included in the email is not a legitimate PayPal customer service line. This number is controlled entirely by scammers. Do not trust any number provided in a suspicious, unsolicited email.

Can I tell if an email is real by calling the company?

No, you should not call any number included in a suspicious email, as it likely leads to scammers. Instead, independently look up the real customer service number by visiting the company’s official website and calling that number to verify an email’s legitimacy.

What happens if I share my information with the scammers?

Providing personal, financial, and account information enables the scammers to steal your identity, make fraudulent transactions, take over accounts etc. Never share sensitive data like passwords, SSNs, or bank details with unverified parties demanding them urgently over a call.

Conclusion

This “Sainsbury’s Gift Card PayPal” phishing scam exploits trusted brand names in an attempt to dupe innocent recipients and steal money and data. By understanding common techniques used in such frauds, examining emails carefully, and following security best practices, users can avoid becoming victims. Remaining vigilant and proactively warning others is crucial to protect yourself and prevent these scams from claiming more victims.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.