Don’t Fall For The Fake Costco Rewards Emails Promising Prizes

Photo of author

Written by: Stelian Pilici

Published on:

Scam emails impersonating Costco have been circulating that pretend recipients have been specially selected to receive an exclusive reward. These emails use Costco branding and claim users just need to complete a quick survey to qualify for the special offer. However, the emails are a fraudulent attempt to trap victims into unwanted paid monthly subscriptions by acquiring their credit card information.

This “hidden subscription” phishing scam tricks users into handing over financial details under the guise of collecting a great prize or reward. Unfortunately, victims end up unintentionally agreeing to recurring monthly charges for services they never wanted or needed. The emails pretend the charge is just for shipping, when in reality it enrolls recipients in costly monthly plans.

It’s important to be aware of how this Costco rewards scam works so you can identify fraudulent emails and avoid becoming a victim. This article will provide an in-depth examination of the phishing scheme, including tips for spotting scam emails, steps to take if you fell victim, and best practices for protecting yourself going forward.

Costco Scam Email

Overview of the Costco Rewards Scam

The Costco rewards email phishing scam starts with fraudulent emails being sent out en masse pretending the recipient has won an exclusive new prize or reward specifically for Costco members. These emails are designed to look like official Costco communications.

The emails contain Costco branding, including use of the company’s logo, color schemes, and often real photos of Costco stores or products. The messages directly mention Costco and feature exciting subject lines like “Congratulations Costco Member!” or “You’ve Been Selected for a Members Only Reward!”

The emails go on to explain victims have been chosen to receive a high-value reward such as free groceries for a year, a $500 or $1000 Costco Cash Card, free electronics, jewelry, or other prizes aimed at Costco shoppers.

To further convince recipients the emails are legitimate and the reward opportunity is real, the messages explain that to qualify, all the user needs to do is take a short customer satisfaction survey about their Costco shopping experiences. This makes it seem simple and reasonable to claim the prize.

Within the emails are links supposedly leading to the official Costco website where recipients can take the quick survey and also provide some basic contact information needed to process the amazing reward. However, these links actually direct victims to sophisticated fake websites.

While the scam sites appear nearly identical to the real Costco site, they are designed entirely by scammers to harvest users’ personal and financial data. The sites have forms prompting visitors to enter information like their name, Costco membership details, address, phone, email, and crucially – credit card information.

Victims comply with submitting their details believing their dream Costco reward is almost within grasp after taking a quick survey. However, buried in complex fine print are mentions of unintended monthly auto-renewal subscriptions being charged to their cards.

These expensive subscriptions for unneeded services are described in intentionally confusing terms and conditions that most victims won’t fully read in their haste to collect their prize. But by submitting their credit card info, victims are enrolled in plans costing $59 to over $100 per month.

So while victims think they are providing basic information just to redeem a special Costco reward, in reality the scammers are acquiring credit card data in order to repeatedly charge hefty monthly fees. This can continue for some time before victims realize what is happening.

How the Costco Rewards Scam Unfolds

Now, let’s take a closer look at exactly how this phishing scam typically operates:

1. You Receive an Unsolicited Email

The scam starts with an email landing in your inbox unprompted. You likely did not initiate any contact with Costco or opt-in to receiving promotions. The scammers send emails en masse to harvested addresses.

2. The Email Promises a Special Costco Reward

The subject line grabs your attention, stating something like “Costco – Congratulations! You’ve Been Selected for an Exclusive Members Only Reward!” This makes it sound like you’ve won a special prize.

3. You Are Instructed to Take a Short Survey

The email goes on to explain that, in order to qualify for this exclusive Costco reward, you simply need to complete a short customer satisfaction survey about your shopping experience.

There is often urgent language implying the reward opportunity is limited. This creates pressure to act quickly.

4. A Link Leads to a Fake Costco Website

Within the email is a link supposedly leading you to the Costco website where you can take the mentioned survey and also provide some basic details in order to collect your reward.

However, the link actually takes you to a sophisticated fake website that mirrors the real Costco site but is controlled entirely by scammers.

5. You Enter Personal and Credit Card Information

On the scam website, you are prompted to enter quite a bit of sensitive personal information in order to claim your prize. This includes your full name, address, phone, email, and crucially – your credit card details.

You comply under the impression the data is needed to process your exclusive Costco reward and cover a small shipping/handling fee.

6. Hidden Monthly Subscription Terms

Buried in tiny fine print, likely on a separate page or document linked in the scam site’s terms and conditions, is information about “enrollment” in paid monthly subscription services.

These include things like shopping clubs, financing offers, identity theft protection, etc. with steep fees ranging from $59-$139 per month.

7. Recurring Unauthorized Charges Begin

Within a month, victims start seeing large recurring charges from unfamiliar vendors on their credit card statements. This is the costly monthly plans outlined in the terms being continually billed.

8. Difficulty Canceling the Plans

When victims try to cancel the plans and halt the charges, they find it impossible to contact the scammers. The companies are fraudulent and set up to just take payments. Canceling or getting refunds is extremely difficult if not impossible.

9. Credit Card Used for Additional Fraud

In addition to the unauthorized subscription charges, victims’ stolen credit card details are sold on the dark web or used to make fraudulent purchases or drain funds through other scams.

The compromised information provides ways for scammers to further financially exploit victims.

How to Identify the Costco Rewards Scam Emails

It’s important to be able to recognize the telltale signs of the fraudulent Costco rewards emails so you can avoid falling victim. Here are some tips for identifying the scam:

Analyze the Sender’s Email Address

Take a close look at the address the email is sent from in the “From” field. Scammers often spoof legitimate addresses like Costco@costco.com. But look for slight variations or misspellings that indicate a fake sender.

Watch for Poor Spelling and Grammar

Phishing emails are often riddled with spelling, grammar, and formatting errors. Legitimate big brands like Costco have professional communication standards. Typos and mistakes indicate fraud.

Offers Too Good to Be True

Skeptically examine any claimed reward that seems too amazing to be free. For example, a year’s worth of free groceries or a $1000 cash card given out randomly is improbable.

Requests for Personal Information

Authentic prize offers should never demand sensitive personal details just to redeem. Needing your credit card, address, etc. in order to collect is a huge red flag.

Look for Urgent Calls to Action

Language insisting you need to act now or risk missing this exclusive opportunity creates undue pressure. Real Costco rewards would not have such hurried timelines.

Verify URL Links Carefully

Mouse over any links without clicking to preview the URLs. Scam links often have misspellings, unrelated addresses, or odd domain extensions.

Investigate Terms and Conditions

Actually read the fine print. Dishonest terms and mention of monthly memberships indicate a phishing attempt to steal financial information.

Contact Costco Directly

If anything seems off, confirm with Costco’s customer service whether the offer is legitimate. Don’t trust third-party sources on an unsolicited email.

With vigilance and skepticism, you can identify key indicators that an email purporting to be from Costco is a fraudulent phishing scam aiming to lure in victims. Use these tips to investigate carefully before ever providing personal information or clicking links. Protect your identity and financial data from compromise.

What to Do If You Are Targeted by This Scam

If you believe you may have fallen victim to the Costco rewards phishing scam, here are important steps to take right away:

  • Contact your credit card provider – Report all fraudulent charges and cancel the compromised card. Request a refund for unauthorized subscriptions and payments. Get a new card issued with a different number.
  • Review statements closely – Look for any unfamiliar, deceptive, or recurring charges from unknown third parties. This may indicate unwanted plans you’re enrolled in from scammers.
  • Place fraud alerts – Notify credit bureaus to place fraud alerts on your credit reports to help detect any suspicious activity indicating wider identity theft.
  • Monitor your credit – Enroll in credit monitoring services that regularly check your credit for new accounts or inquiries so you can stay on top of potential misuse of your information.
  • Reset account passwords – Change passwords on all online accounts, especially for the Costco account associated with the scam. Make passwords unique and enable two-factor authentication where possible.
  • File complaints – File reports about the scam with the FTC, FBI IC3, Costco, and your local law enforcement. Provide all details about the phishing attempt.
  • Sign up for identity theft protection – Consider leveraging identity theft protection services that can take actions on your behalf if wider fraud occurs beyond just credit card theft.

How to Avoid Falling Victim to This Costco Scam

Here are some tips to protect yourself from this Costco exclusive rewards phishing scam:

  • Avoid unsolicited emails – Do not open or respond to any emails you did not specifically sign-up to receive, especially any claiming you’ve won a prize or reward.
  • Verify senders – Closely check the emails address in the “From” field. Scammers often spoof legitimate addresses.
  • Check for urgent calls to action – Emails insisting you need to act quickly or risk missing out on a prize are red flags of phishing. Legitimate rewards have no such urgency.
  • Do not click links – Never click on any links within unsolicited emails. Manually navigate to the real Costco website if you want to access your account.
  • Beware requests for information – Real Costco rewards would never request sensitive personal details just for prize redemption. This is a sign of phishing.
  • Read all fine print – Actually read any full terms and conditions before entering info onto an offer site. Watch for hidden mentions of monthly plans or billing.
  • Use prepaid cards – If you must submit any payment info, use a prepaid card with the exact amount needed so recurring charges cannot be placed without authorization.

Frequently Asked Questions About the Costco Rewards Scam

What exactly is the Costco rewards scam?

This phishing scam involves fraudulent emails sent to victims pretending they’ve won an exclusive new prize or reward from Costco. The emails contain links to fake Costco websites that are used to steal credit card and personal information.

How do the scam emails work?

The emails claim recipients have won a high-value reward like free groceries or electronics. They provide links to fake Costco sites where victims “claim” the prize but really are tricked into entering credit card details which are used to enroll them into unwanted costly monthly subscriptions.

What techniques do the fake emails use?

The emails use:

  • Official Costco branding and logos
  • Subjects like “Congratulations Costco Member!”
  • Details of rewards like cash cards or free merchandise
  • Claims of an urgent need to act quickly
  • Links to convincing but fake Costco websites

What do the fake websites look like?

The fraudulent sites appear nearly identical to the real Costco website. They use the same logos, colors, fonts and images of products or stores. Often the URL is misspelled or clearly forged.

What happens when victims enter information?

By entering credit card and personal details, victims are unintentionally agreeing to expensive monthly subscription plans billed recurringly to their cards by scammers. This can go on unnoticed for some time.

What are some red flags to identify the scam?

Red flags include:

  • You did not enter any Costco reward promotion
  • Requests for personal details to collect prizes
  • Misspelled or suspicious URLs
  • Mentions of subscriptions in fine print
  • Difficulty contacting the reward provider

What should you do if you receive one of these emails?

If you get a suspicious Costco reward email:

  • Do not click on any links
  • Check that the email address is legitimate
  • Call Costco to confirm if the reward is real
  • Mark the email as spam and delete it

How can you avoid becoming a victim?

To avoid this scam:

  • Be wary of unsolicited reward claims
  • Never provide personal or credit card information without verifying legitimacy first
  • Read all fine print thoroughly before entering information onto any site
  • Use prepaid cards if asked to submit payment details
  • Monitor statements closely for any unauthorized charges

What steps should you take if you fell for the phishing scam?

If you fell victim to the scam:

  • Immediately alert your credit card company of the fraudulent charges
  • Place fraud alerts on credit reports and sign up for credit monitoring
  • Reset all account passwords and enable two-factor authentication
  • File reports about the phishing attack with Costco and law enforcement
  • Carefully watch for any new misuse of your stolen information

The Bottom Line

This Costco exclusive rewards phishing scam aims to bait victims with the promise of a great free prize in order to stealthily steal credit card and personal information through a fake website. But by understanding common tactics used in hidden subscription scams, you can identify red flags and avoid being lured into the trap.

Always exercise caution when receiving unsolicited emails, scrutinize senders and links for authenticity, read all fine print thoroughly, and never provide sensitive information carelessly. With vigilance and awareness, you can keep your identity and financial data protected even as scammers grow more sophisticated. Don’t let the lure of an exclusive Costco reward put your security at risk unnecessarily.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    Shield Guide

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    updates-guide

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    install guide

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Ad Blocker

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    Trojan Horse

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    warning sign

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    backup sign

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    lock sign

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    cursor sign

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Shady Guide

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.

Previous

Exposed: The Viral $1.99 Aritzia Warehouse Sale Scam

Next

Beware! Costco Annual Cashback Scam Targets Loyal Shoppers