A Boots phishing scam has targeted approximately 9 million customers, prompting warnings from cybersecurity experts. The scam involves fraudulent emails impersonating the high street beauty brand, offering free beauty sample packages in exchange for completing a customer satisfaction survey.
How the Scam Works
Cybersecurity firm Huntress reported that scammers sent fake emails appearing to come from Boots. The emails used personalized subject lines, including the recipient's email address and random reference numbers, to appear legitimate. Recipients were directed to a realistic fake Boots website where they were asked to provide personal information such as name, email address, date of birth, phone number, and home address, as well as credit card details.
The emails were sent from a compromised small UK business server, where attackers installed Gammadyne Mailer, a legitimate bulk email tool. This allowed the scam to appear more credible.
Boots' Response
A Boots spokesperson confirmed the scam and urged customers to remain vigilant. They stated: “We are aware of the circulation of these emails about the opportunity to purchase/redeem gift sets at very low prices after completing a survey online. This is a scam, and we urge customers to be vigilant. Customers can only purchase items from Boots in stores or online via boots.com.”
Boots emphasized that its own systems were not breached; instead, scammers used compromised third-party infrastructure.
Previous Incidents
This is not the first time Boots has been impersonated. In March 2026, consumer group Which? uncovered a similar scam involving fake survey emails promising prizes.
Advice for Consumers
- Do not click on links in unsolicited emails.
- Verify offers directly on the official Boots website (boots.com).
- Never provide personal or financial details via email links.
- Report suspicious emails to the company and Action Fraud.
Stay alert to protect your personal information from such phishing attempts.
