Ahead of the weekend, people are being warned to watch out for an email purporting to be from online takeaway service, Just Eat, asking them to fill in a survey rating their customer experience in return for a free £10 account credit.
People have taken to social media to say they've received a "very genuine-looking" email claiming to be from Just Eat, which asks them to enter a password and username to access a survey about the site, and once it's completed, they're asked to enter their bank details in order to get the credit.
We asked Just Eat about this email, and it confirms it's not from it and says it is a phishing email – a type of spam email where scammers try to reel you in with the hope you've got a connection to the company they're pretending to be from.
A spokesperson for Just Eat says: "Just Eat takes the protection of customer data very seriously. Through listening to our customers, we understand that some have recently received phishing emails purporting to come from Just Eat. We always advise our customers to be vigilant about their online security, and ask them to forward any suspicious messages to firstname.lastname@example.org."
See MoneySavingExpert.com's Stop Scams guide to protect yourself and see below for what to look out for.
I've received this email. Do I need to do anything?
If you get this email, delete it straightaway. Do not complete the survey, reply or download any attachments.
If you have entered your bank details or any other passwords or financial information, consider taking the following steps to protect yourself:
- Check your bank or credit card account for fraud. Monitor the account details given over the next few months. If you see anything unusual, contact your bank or credit card provider immediately, and Action Fraud on 0300 123 2040 or via www.actionfraud.police.uk as soon as possible.
- Check your credit file in case anyone's stolen your ID. The credit reference agencies can tell you if anyone's tried to open accounts in your name. Check for free – see our Credit Report guide.
- Change your passwords. It's best practice to change passwords every now and then, so use this as an opportunity to do so on your Just Eat account. If you use the same or a similar password elsewhere, change these too – see Martin's Easy Password Tricks blog for passwords help.
- Don't disclose your data – cold calls/emails are a scam. If you're contacted by anyone asking you for personal data or passwords (such as for your bank account), it's more than likely to be a scam. See our 30 Ways to Stop Scams guide.
'I usually wouldn't bother with these emails, but this looked genuine'
Hayley La Roche is one such person who was nearly duped by the email. The 36-year-old, who lives in London, says: "I used to work in the fraud department at a bank, so I'd like to think I'm pretty good at spotting these things, especially if an email starts with 'Dear customer' or has spelling mistakes in it.
"But this email had my full name and current mobile number and my old address listed (I'm not sure if I'd updated my Just Eat account with my current address). It asked me to sign in using my email and password, which I did using fake details, more as curiosity as I thought if I entered them incorrectly and they went through, then I'd know it was fake.
"On the second page it asked where I'd heard of Just Eat, what rating I'd give it out of five, how often I get takeaways and how likely I was to recommend it to someone else. On the final page it asked for the cardholder's name, the 16-digit number, the expiry date, the three digit security code, the sort code and the account number, as well as my password and date of birth.
"I contacted Just Eat via its online chat and the customer service assistant said they'd pass this on to their supervisor. I usually wouldn't bother with these emails but it had my name and details and it really looked genuine."
Below is a picture of the email Hayley received:
What to look out for in scams:
- Never click on a link and enter your password – no matter how genuine it looks. If it looks like a real security concern, call the company in question via its published phone number.
- Genuine companies should know who they are targeting with emails. "Dear Customer" may sound polite, but that or any variation of "Dear Sir/Madam" or "Dear Valued Customer" should set off alarm bells.
- Be vigilant if an email is badly-worded or littered with spelling mistakes. Legitimate companies will spend time crafting emails they send and they're likely to proofread them too, so bad grammar and dodgy spelling are likely to be picked up before the email goes out.
See our Stop Scams guide for more on what to look out for, how to protect yourself and what to do if you're a victim of a scam.