If you were recently invited to participate in a brief survey from Dick’s Sporting Goods, in exchange for a free Yeti cooler, you are not alone.
The emails are a scam, so don’t click on them. If you do click, then definitely don’t provide your credit card information to ship the phantom prize. If you already did pay the fee, then get your card replaced right away. And we’re sorry to inform you that a $325 cooler will not be heading your way.
Email scams are nothing new, but the Yeti cooler caper is notable for how many people it actually reached, in an era when email providers catch nearly all spam and usually warn users about emails from suspicious accounts. This one eluded spam filters and was shown to users with no warning.
It’s impossible to gauge the scam’s true scope, but references to spammy Yeti cooler promotions abound on Twitter, first appearing around September. Dick’s Sporting Goods even warns customers about the scam on its website.
The unlikely success of the scam appears to be the result of a breakthrough by spammers in their cat-and-mouse game with email providers, coming at a time when Gmail appears to have intentionally let its guard down. Google, which operates Gmail, the world’s largest email provider, didn’t respond to a request for comment.
Analyzing one of the emails reveals a sophisticated attempt to evade spam filters by disguising it as a totally different and innocuous email. Text in the raw email content appears designed to exploit how Gmail reads such files and to slip the Yeti cooler promotion past Google’s typically watchful eye.
Meanwhile, the emails appear to come from real Microsoft Outlook email addresses, making them harder to detect as spam. A human inspecting the email address should be able to tell it’s suspicious, and definitely not from Dick’s Sporting Goods. But to a computer, they look like real emails. And most humans don’t take the time to look more closely.
The scam may also have benefited from changes to how Gmail identified spam in the run-up to the US midterm elections. Google, facing baseless accusations that it more aggressively filters emails from Republican campaigns, has proposed changes that would allow all political emails to get through to their recipients. It’s not clear how Gmail’s filters have changed as a result or if the Yeti cooler scam’s success is related, but The Daily Dot saw enough smoke to declare, “Gmail Spam Filter Not Working? Blame Republicans.”
For Dick’s, which is the leading sporting goods retailer in the US, and Yeti, the maker of trendy insulated water bottles and coolers, their inclusion in the scam is a mixed blessing. Having your would-be customers ripped off is objectively
bad, and a threat to your reputation. On the other hand, it’s a clear indication that Dick’s is a trusted brand and that Yeti makes desirable products. Similar scams in the past involved Lowe’s and other home improvement stores, suggesting there’s a lot of trust in that sector. And scam giveaways often use Apple products as their lure. So Yeti can take solace in that.
Incidentally, you can buy a real Yeti cooler on Dick’s real website, but it will cost you.