I’ve seen a lot of phishing emails over the years, but I recently received one that used an unusual tactic. Instead of asking me to confirm my payment details or update my password, this one offered me a free premium toothbrush.
I can see how this would catch people off guard, but like all phony emails, this promises something you’ll never get. Keep an eye out for this one hitting your inbox.
The “free” toothbrush offer
This email purports to come from a health insurance provider’s rewards program and offers a free toothbrush to help improve your dental hygiene. Initially, this seems reasonable—some healthcare plans include discounts on health and hygiene equipment. However, when you look at the details, the fake becomes clearer.
Screenshot by Ben Stegner; no attribution required
Mention of “United Healthcare Smile Rewards” is the first red flag. This isn’t the name of UnitedHealthcare’s (UHC) rewards program; the real one is called “UnitedHealthcare Rewards”.
The company stylizes its name as “UnitedHealthcare”, which this email doesn’t do.
The subject line is also strange; “November 1 Network Status Check” sounds like it would accompany a phishing email asking you to confirm your password, not offering a toothbrush.
It has telltale signs of other phishing emails: the sender’s email domain is @smoothcubans.com, which has nothing to do with UHC. A strange address is CCed. The greeting uses “Member” instead of a specific name, and “United Healthcare Services” isn’t a way the actual company refers to itself. The email formatting is generic, and there are no official logos embedded.
I didn’t realize it at first, but this email uses the same format as the constant “cloud storage full” emails I’ve been getting for months. Unlike those, the address at the bottom does match a location associated with UHC. Gmail hasn’t been sending those to spam, despite my marking them as such every time. This one initially hit my inbox, but was later moved to spam.
While I was writing, I got a second, similar email offering a free toothbrush from another brand (not sent to spam). This sender seems to have found a hole in Gmail’s spam filters, as I’ve never gotten this much consistent garbage in my inbox before.
Checking out the “free” offer
Out of curiosity, I wanted to check out what the scheme was, so I could document it. Most phishing setups are obvious, but this one had me wondering.
I opened the link in a virtual machine for safety; it redirected to a website with a messy name. The page promised a “chance to win” a “dental kit”, which was different than the free toothbrush the email promised.
Screenshot by Ben Stegner; no attribution required
Like with many fraudulent websites, there was an alert pressuring you to act fast because the offer expired today. The “reviews” all had today’s date on them and were incredibly generic; amusingly, one review mentioned not getting a prize even though it was “such a cool survey”. It’s a clear sign you can’t trust a review when the site controls them like this.
This site is a good reminder that just because a site has a “secure page” lock, it doesn’t mean it’s trustworthy. You can have a secure connection to a site that’s lying to you—the certificate only means your information is encrypted in transit.
If you scroll down, you’ll see a copyright notice that doesn’t name any company, which is suspicious. There’s also a note saying “Third-party offers linked to this survey may have additional requirements, such as entry fees or subscription enrollment”. And as we’ll see, this is the crux of the scam.
Screenshot by Ben Stegner; no attribution required
I proceeded through the survey, which asked general questions like how you feel about UHC and how happy you are with its services. Upon completing it, I was offered a dental kit worth $522 for “free”—I just had to pay shipping.
The terms of the “offer” going back and forth between a contest and a free giveaway were another sign of this being shady. Legitimate companies will have clear terms for their giveaways so they don’t get sued for misrepresentation.
Screenshot by Ben Stegner; no attribution required
Just pay shipping… and a whole lot more
Clicking the button to claim my prize led me to a new website where I was asked to fill out my details. A widget showed 5 in stock, which slowly dropped as I waited (to create a fake sense of urgency).
Screenshot by Ben Stegner; no attribution required
After the fake details, I was asked for my credit card to cover the cost of shipping. The box promised an additional $2.36 off when paying with Mastercard (or “Master Card” as it was improperly stylized in the dropdown box). I imagine this is to help push people to finish the scam process, in case they suspect something is up at this point.
I tried random numbers for the credit card field and a check appeared, but I didn’t want to go any further. Instead, I clicked the Terms & Conditions link at the bottom to investigate more.
Screenshot by Ben Stegner; no attribution required
Check the terms (or else)
The terms laid out the full story of the scam, as the first two paragraphs explain what you’re on the hook for.
An “exclusive welcome bonus” promises a $125 gift card to the “Best Consumers Gadget Club”, but a quick search reveals that nothing by this name exists. Regardless, you’ll be charged “full price” every month if you don’t cancel within three days.
Screenshot by Ben Stegner; no attribution required
There’s a second charge: a 45-day trial of the “#1 Fitness App” on the web (which isn’t named). If you don’t cancel by calling the number, you’ll start paying for a subscription to that bogus service, too.
Other than here, these scam subscriptions are only mentioned in that fine print I called out above. The scammers (accurately) assume that nobody is going to read the terms and conditions. If you enter your payment details, you’ve agreed to sign up for a bunch of garbage you don’t need.
Notice how they spread the two subscriptions out, which is insidious. The first one fires after three days, at which point you might contact your card provider and complain about a fraudulent charge. But the fitness app charge doesn’t occur for 45 days, at which point you’re likely to have forgotten about this ordeal.
If you don’t watch your card statements, you might even think you’re paying for a legitimate subscription. You shouldn’t pay for subscriptions you don’t need, let alone fake ones that provide nothing.
Treat all random emails as shady
While the initial email sounds plausible, alarm bells should go off once you see the lousy survey website and are asked to enter your credit card details for an item you were initially told was free. Another common factor with dangerous sites is their bogus URLs; in this case, the survey URL was gibberish, and the “free item” page had a generic name.
Neither site’s URL pretended to be from UHC, but that company isn’t doing itself any favors in this realm. Rather than using subdomains of the main website for offshoot pages (like my.uhc.com or chat.uhc.com), it has a unique URL for every website (like myuhcfp.com and uhcglobal.com).
This means there’s no clear relation between sites, and it’s much easier for fakes to blend in. With the above URLs, it’s much harder to realize that a made-up one like “myuhcplan.com” is fake.
We discussed the warning signs that appear throughout this process, but the scammers hope you move quickly (because you have to act now!) and ignore those. Remember that random emails promising free items are a huge red flag, and you should look around websites carefully to see if they’re legitimate.
If you call for a scam like this, you should be able to contact your card provider to get the money back, since it was taken dishonestly. But it’s better to identify these schemes and run away long before that stage.
