You receive an email supposedly from Ace Hardware, saying you’ve won a prize, like a fancy drill or a space heater. All you have to do to receive it is take part in a short survey. Should you do it? Nope! It’s a common scam!
In this post, I’ll break down one such scam email that made its way to my husband’s inbox. I’ll point out some telltale signs that it’s a scam and explain how the scam works. I’ll also tell you what to do if you receive a similar email.
The suspicious email
This scam email made its way into my husband’s inbox a few weeks ago. At first sight, it looks pretty convincing!
The email is eye-catching and appears to be from a trusted brand. If you want a fancy drill and are a fan of Ace Hardware, it would be tempting to click through to the survey.
But on closer inspection, the email has some serious red flags which give away its true nature.
First, Ace Hardware is listed as the sender, but the email was actually sent from [email protected]. This is not an official Ace Hardware address and is a major red flag that the email is sketchy.
Worse, when I looked up information about the domain arklmmst[.]space at whoxy.com, I found it was registered the same day the scam email was sent. This is another red flag, as scammers frequently have to register new domains since their old ones get blacklisted.
The third red-flag is the subject, which is “Email verification.” This doesn’t match the content of the email, which tells us we’ve won a prize. A big company like Ace Hardware isn’t likely to have a weird mismatch between their email’s subject and its content.
Fourth, although there’s not a lot of text in the email, there is still a typo. The email claims we have “won an Milwaukee power drill,” instead of informing us we have “won a Milwaukee power drill.” Again, this is a red-flag because a big company like Ace Hardware is not likely to make a mistake like that.
The fifth red-flag is that the link in the email has been shortened to obscure its final destination. In this case, the scammers used the link shortening service TinyURL to hide where the link goes to.
These five red-flags are more than enough to determine the email is a scam.
But where does the link in the scam email go? And how does the scam work?
When I entered the TinyURL link into URLScan.io, it told me the link’s final destination was utileboards[.]com. It also flagged this site as malicious, noting it was a survey spam site.
When I ran utileboards[.]com through VirusTotal, 6 out of 88 website scanners listed it as malicious. While that might not seem like a lot, the domain had only been registered for about a month, and it takes time for the scanners to recognize when domains are being used for malicious activity.
The screenshot from URLScan.io shows us what the scam site looks like. In the screenshot, the page is displayed in German, probably because the site recognized it was being scanned from Germany (URLScan.io’s default setting), and changed its language settings accordingly.
Using Google translate, we see the site says the following: “Congratulations! Complete this short 30-second survey about your core backbone experience to select one of our exclusive reward offers. To receive your rewards, simply fill out our anonymous survey. There are only a limited number of bonuses left for today!”
If you complete the survey, you’ll be told you’ve “won” the drill, but will then be asked to pay for shipping. However, the real Ace Hardware warns it “will never ask customers for payment information as part of any survey or promotion.”
This means that if you enter your credit card details, you’ll be giving your payment information directly to scammers. And you can be sure they will charge you far more than the listed shipping fee. Oh, and you will probably never receive the drill, either.
For example, a Redditor fell for a similar Ace Hardware scam involving a space heater. After paying the $6.95 shipping fee, they were later charged an unexpected $70 “membership fee.” The Redditor also never received their space heater, as the scammers claimed they had only entered a sweepstakes and hadn’t actually won the heater after all.
What should you do if you receive a scam Ace Hardware email?
If you receive a scam survey email from an Ace Hardware impostor and don’t click through to the survey, you have nothing to worry about.
If you do click through to the survey and enter your payment information, you’ll want to call your bank or credit card issuer. You’ll need to dispute any fraudulent charges made by the scammers and get a new card.
In either case, you should mark the scam email as spam so your email provider knows it is not legitimate. This will help make sure similar emails get sent straight to your spam folder in the future.
You can also report the email to Ace Hardware’s fraud department by sending it as an attachment to [email protected].
If you want to fight back against the scammers, you can report the domain of the scam site to the domain registrar. The registrar may then decide to suspend the domain, stopping the scammer’s operation, at least temporarily.
To report the domain, you’ll first need to know what it is. In our case, it was utileboards[.]com, but remember the scammers originally hid this by using a URL shortener. If the scam link you received starts with something like tinyurl[.]com/yyyy or bit[.]ly/yyyy then your scammers are also using a URL shortener and you’ll need to enter the link into URLScan.io to find out the real domain.
Once you have the domain, you’ll need to do a Whois lookup to find out who the domain is registered with. To do this, you can go to whoxy.com or another Whois lookup tool and enter the domain. You’ll then want to look for the registrar, as that’s who you’ll need to report the site to. In the case of utileboards[.]com, Namecheap was the registrar.
Next, search for the name of the registrar and “abuse” using your favorite search engine to find out how to report the scam site. For Namecheap, you’ll need to select the type of abuse and then fill out a form. You’ll want to include as much detail as possible, including a screenshot of the scam page from URLscan.io and evidence from URLscan.io and VirusTotal that the page is malicious, for example.
Then you’ll have to wait. The registrar may or may not suspend the domain, depending on the situation. In the case of utileboards[.]com, Namecheap fortunately suspended it fairly quickly.
Even if the registrar suspends the domain, however, they may not let you know. But you can check if it’s been suspended yourself by doing another Whois lookup. If you see “clientHold” or “serverHold” under Domain Status, it’s been suspended. You can then feel really good about making life more difficult for the scammers!
Survey scam emails can look quite convincing at first, but once you know what to look for, they’re easy to spot. If you receive one, don’t click the link. Instead, mark the email as spam. If you want to get your own back on the scammers, consider reporting the domain to the registrar, too.