I love Starbucks and go there all the time, so when I got an email saying that I had won a Starbucks Gift Box, I was pretty excited. Except when I click on the button, it takes me to a page that doesn’t load. Dave, how can I get my gift box??
Let’s start right out with the bad news: It’s a scam. The announcement you received actually is an attempt to steal your Starbucks account credentials. With that information, they could then use your Starbucks card to buy coffee likely without you ever noticing. Since the one I examined is also broken, however, there might be an even more nefarious intention like infecting your computer with malware. There are some rather unpleasant people on the Internet nowadays, unfortunately.
In other words, give up your dream of winning a glorious Starbucks gift box. There are no gift boxes and you’ll have to buy that shiny new cup at the local ‘bux if you’ve fallen in love with it.
But there’s a bigger issue here: Being too trusting of email and clicking on dangerous links.
To help you see how there were all sorts of red flags that should have prevented you from taking that step, I’m going to put on my deerstalker cap and lead you through how I dissect email messages to understand what’s going on… The email game is afoot!
THE INITIAL INVITATION
Here’s the email message I found in my Gmail spam folder. (Most modern email systems automatically filter and protect you from the most egregious spam, but you can’t count on it working 100% of the time, unfortunately.)
I can see why you got excited: I too would be happy to receive a box of goodies from Starbucks! But a closer look reveals a number of troubling facts…
- Why isn’t it addressed to me by name? Starbucks knows my name from my Starbucks account.
- Why is it sent from “colsalediece.com” not “starbucks.com”?
- Why isn’t my email address showing up in the “to” field?
Links can be dangerous, so it’s smart to examine the digital envelope (sender, recipient) more closely.
CLUES IN THE ENVELOPE
In Gmail, this can be done by clicking on the tiny black triangle next to the recipient information, which pops up a useful little window:
When there’s no recipient specified (the blank “to:”) it means that the message has likely been sent to dozens or even hundreds of people through a Bcc or similar. That by itself often indicates that a message is spam.
The bigger issue here is the sender, however. Not only is the sender’s email account bizarre (“yMvUOGrGI4”) but the sending domain is peculiar too: calmest.colsalediece.com.
Let’s look it up! A quick check reveals that it has a blank home page (at www.colsalediece.com) but that the domain is doing something behind the scenes anyway:
The clue? There are 8 cookies in use even though it’s presenting a “blank” page. Really, though, you shouldn’t even have gone this far because as soon as you noticed the email about a Starbucks gift wasn’t from Starbucks.com, you should have just deleted the message and moved on.
WHAT ABOUT THE BUTTON ITSELF?
All decent email systems should show you a preview of a link before you click on it, and that’s a critical thing to check before you’re taken to some dangerous site after a half-dozen redirects! Again, in Gmail, move the cursor over a link without clicking on it and a tiny pop-up window on the lower left will reveal the associated link:
My cursor is over the big, green “Get it Now” button and you can see that it links to tinyurl.com.
Why do people use TinyURL.com? In this context it’s for one purpose only: to hide the actual site that you’re going to be sent to upon clicking.
Fortunately, there are sites online that will expand TinyURL.com and similar redirect links without you having to click on them. Let’s see where this particular link would take us by going to ExpandURL.net…
The result is most interesting…
Clicking on the “Get it Now” link will take you to 119-235-249-162.dynamic.hinet.net/short/. Okay, so what’s hinet.net?
Hinet redirected me to this Chinese-language domain lookup page. Curious indeed! Now it’s a sure bet that Starbucks wouldn’t be using a company like Chunghwa Telecom in Taiwan to tell us about a gift box, right?
ONE MORE STEP: THE IP ADDRESS
Still not entirely convinced? The hostname in the new URL begins with what’s known as an IP address (119-235-249-162), so let’s replace the dashes with dots and look it up to see where that particular computer is located. This time I’m going to use IPlocation.io for the query…
That computer is apparently located in Jakarta, Indonesia. Most assuredly not part of Starbucks, right?
Oh, and if you did click, here’s where you’d end up:
This means that they’ve set up a Web server (probably on a PC) but haven’t actually set up a landing page yet. This suggests that the Starbucks Gift Box email might just be a test to see if people would get to the server or not. Given a few days, however, this page could look identical to a Starbucks account login page.
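The checks walked through above (sender domain, blank “to:”, a link hidden behind a shortener, and an IP address spelled with dashes in a hostname) can be scripted. This is an added Python example, not part of the original article; the sample message is constructed, and the names red_flags, embedded_ip and the SHORTENERS list are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample modelled on the message described above (not the real email).
RAW = """\
From: Starbucks <yMvUOGrGI4@calmest.colsalediece.com>
Content-Type: text/html; charset="utf-8"

<html><body><a href="https://tinyurl.com/EXAMPLE">Get it Now</a></body></html>
"""
SHORTENERS = {"tinyurl.com", "bit.ly", "t.co"}  # assumed list, extend as needed

class LinkHosts(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []  # hostname of every <a href> seen in the body
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append((urlparse(href).hostname or "").lower())

def embedded_ip(hostname):
    """Return the IPv4 address spelled with dashes in the first label, else None."""
    m = re.match(r"(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})\.", hostname)
    try:
        return str(ipaddress.IPv4Address(".".join(m.groups()))) if m else None
    except ValueError:  # e.g. 999-1-1-1.example.net is not a valid address
        return None

def red_flags(raw, brand_domain):
    """List envelope and link warning signs for a message claiming brand_domain."""
    msg = message_from_string(raw)
    flags = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain != brand_domain and not domain.endswith("." + brand_domain):
        flags.append(f"sender domain {domain} is not {brand_domain}")
    if not msg.get("To", "").strip():
        flags.append("no To: recipient (likely bulk Bcc)")
    parser = LinkHosts()
    parser.feed(msg.get_payload())
    for host in parser.hosts:
        if host in SHORTENERS:
            flags.append(f"link hidden behind shortener {host}")
        elif embedded_ip(host):
            flags.append(f"link host embeds IP {embedded_ip(host)}")
    return flags
```

Calling red_flags(RAW, "starbucks.com") on the constructed sample reports all three warning signs without any link being opened.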
Would you have caught the scam in time?
Pro Tip: I’ve been writing about online scams for many years. Please check out my spam, scams and security help area while you’re visiting for more informative articles on how to stay safe online. Thanks!
The same email message came to me and I believed it was true and ordered the Starbucks coffee lovers box also. My order number is 2241350 and the date 5/21/2024. Additional 25% off when paying with MasterCard pays $6.45 Congrats you are a winner.