As frustrating as scam emails are to receive, they're at least a little less likely to show up in your inbox these days. Email providers usually filter these nefarious messages into a designated spam folder before you can even see them. Some still manage to slip through, however, especially when the senders are relentless. And the folks behind a Dick's Sporting Goods scam are nothing if not persistent. A phishing email purporting to be from the popular retailer says that you've won a free cooler, but sadly, that's not the case. Read on to find out what you should be keeping an eye out for to protect yourself.
Unfortunately, a free cooler isn't in your future.
A key indicator of a phishing attempt is a deal or opportunity that sounds too good to be true—and an unsolicited free Yeti cooler certainly falls into that category.
Yeti coolers are durable and able to keep your beverages and food ice cold for extended periods of time, which is why they sell for hundreds of dollars. But people across the country have recently reported an influx of emails, allegedly from Dick's Sporting Goods, offering a free Yeti Hopper M20 Soft Backpack Cooler, per Wired.
As the cooler retails for approximately $325, the email should immediately send up red flags. Rather than gifting you a new Yeti, the scam is a ploy attempting to steal your personal information, specifically credit card numbers, CNBC reported.
The email is pretty convincing at first glance.
Your first hint that something is amiss should be the misspelling of Dick's Sporting Goods' formal name, according to Wired. The email will say it's from Dicks Sporting Goods (sans apostrophe), Dicks SportingGoods (sans apostrophe and a space), or Dicks SPORTING Goods, the outlet reported, but the content itself is pretty convincing.
In the body of the email, Dick's formal logo is used, and it looks like your standard email advertisement, according to a screenshot posted on Twitter. "Congratulations! You have been chosen to participate in our Loyalty Program for FREE!" the message reads, with a button to "CONFIRM NOW!" below. "It will take you only a minute to receive this fantastic prize.. YETI M20 Backpack Cooler."
The scam has been running for some time, as Twitter users have been voicing complaints on the platform for months. "Anyone else getting a Dicks Sporting Goods / YETI scam email every other day?" a Nov. 3 tweet reads, while another from Nov. 16 says, "It's non-stop! I keep blocking them. What list am I on and who was it sold to!?"
The campaign seems to be affecting Gmail users, but it's not yet clear whether other email services have been affected. Several users have called on Google to look into the issue, as these emails consistently make their way through spam filters, but experts say that the scammers themselves are getting more sophisticated.
Both Google and Dick's issued statements on the scam.
Even Gmail users who flagged the Yeti emails as spam report that the emails stop for a short period of time before starting up again. "The Dick's email scammers are incessant," a Twitter user wrote on Nov. 16. "And they are ending up in the 'Primary' folder in Gmail, despite me reporting them as spam consistently."
Security experts say that "clever" redirection helps these emails get around spam filters. "This research is showing attackers creating techniques that enable them to make their campaigns much more effective, or even evade some detections," Or Katz, principal security researcher at Akamai, told CNBC of the Yeti scam. "And at the same time they are creating campaigns that are much more engaging, much more trustworthy [looking], putting more effort into the details."
Google acknowledged the scam, calling it "particularly aggressive," Wired reported. "Our security teams have identified that spammers are using another platform's infrastructure to make a path for these abusive messages," a spokesperson told the outlet. "However, even as spammers' tactics evolve, Gmail is actively blocking the vast majority of this activity."
Dick's Sporting Goods also published a formal alert on its website, warning shoppers not to reply or click on links in the scam emails. "We have invested in skilled personnel, recurring training, and numerous technologies to keep pace with current threats, trends, and an ever-evolving landscape," the security alert reads. "Despite these best efforts, internet scammers are relentless in their pursuit to defraud individuals."
The company included screenshots of the fraudulent emails, explaining that Dick's will not "solicit information from our customers in this manner."
Stay vigilant, and double-check everything.
Wired reported that the Yeti scam might be losing momentum—as some of these emails are finally being filtered to the spam folder. But Google's spokesperson told the outlet that the campaign will likely continue, urging users to "continue exercising caution when opening messages."
Aside from misspelled brand names and sweet deals that probably aren't legit, you should also check the email address that the message is coming from. Twitter users point out that the email address for this particular scam is a dead giveaway.
"These scam/spam emails are pretty funny sometimes," a user tweeted in late May. "This one pretending to be @DICKS but look at that email address. Its like a cat ran across their keyboard." An attached screenshot shows a "noreply" email with a series of random letters following the "@" sign. In its security alert, Dick's also notes that it doesn't send emails "from any email domains except for those affiliated with our family of businesses."
You should be aware that these scams aren't limited to the Dick's Sporting Goods brand, as others have reported receiving similar emails from fraudsters claiming to be retailers like Kohl's, Costco, and Walmart. Wired reported that a new email claiming to be from ACE Hardware advertises a "free" power drill, and Vox cited a scam email from Kohl's circulating in November, which offered a free Le Creuset Dutch oven.