They really don’t.
Backing up for context.
Like most, our local supermarket chain–Lucky California and a few other chains under the same ownership–runs occasional contests. Makes sense: free goodies always attract customers.
Most recently, they partnered with Shell for a double whammy: the top prizes (awarded through drawings at the end of the contest) were free groceries for a year* and free gas for a year*. There were also smaller prizes, both for gas and groceries, and–to keep the excitement flowing–instant prizes of merchandise and loyalty program points.
* I’ll come back to what that means.
We always play the games. Why not? We shop there anyway, it doesn’t cost anything to enter, and we’re no more immune to the lure of “free” than anyone else.
Not that we expect to win anything significant. Last time, we won a free bag of chips. We made nachos.
This time, about halfway through the contest, we got an instant win for 50 loyalty points. That’s fine. We collect those, and every couple of months trade them in and get $20 off our next shopping trip. No other instant winners, and when the contest ended, we promptly forgot about it.
Months later, I got an email.
“Congratulations,” it said (with three exclamation marks). “Your online entry…has been drawn for the Groceries for a Year…!”
Let’s see. We’ve got gratuitous exclamation marks and bad grammar. We also have a “click here” link to claim the prize; the link points to a website that is not Lucky Supermarket nor the contest’s special domain. The sender’s email address is shown as being the contest’s domain, but the actual sending system doesn’t match Lucky, the contest, or the claiming website. The contact phone number in the email is not the same as the contact number on the contest website. And the message is signed by “Christine” (no last name).
That last one is actually a point in the email’s favor: most scam-spams include a full name, apparently because the scammers think it conveys respectability. Other evidence pointing to legitimacy: the email addressed me by name–spelled correctly–and my name isn’t part of the email address I’d used in signing up for the contest*.
* That’s by design, and for just this sort of occasion. If an email addresses me by the name in my email address, I can be fairly sure it’s spam.
So I was on the fence.
Contests and sweepstakes are required to keep lists of winners, and according to several online resources, you can sometimes check if your name is on the list by calling the contest sponsor. So I decided to call Lucky’s customer service number. No dice. The guy I talked to was very nice about the whole thing, but he didn’t have a list of winners, and he pointed out that until someone claimed a prize, they wouldn’t be on the list anyway. He suggested I write a letter to Corporate, or check the contest website for a phone number. Given that there’s always a time limit to claim prizes, the letter idea was pretty much dead in the water. And if the website had been compromised now that the contest was over, any phone numbers would be dubious at best.
I did take a look at the recent prize winners page on the website. Three of the four Groceries for a Year prizes had been claimed, and my name wasn’t on the list.
I flipped a coin and decided to take a chance. I filled out the claim form. It wanted my name, address, phone number, email address, birth date, and the address of the store I normally shop at. Since they already had all of that information from when I signed up for the loyalty program, giving it again was no big deal. It also required my SSN. I had qualms, but decided to take the chance.
About an hour later, I got another email from Christine (point in their favor for keeping the same name) thanking me for claiming my prize and asking me to fill out a W9 tax form, since the value of the prize was over $600. Fair enough; gotta keep the IRS happy, right?
I did check the contest website again and my name had been added to the list of winners. That relieved my mind immensely. Highly unlikely that if the site had been hijacked, the scammers would go to the trouble of adding names to it. After all, to make any such scam worthwhile, they’d have to target more than one underpaid writer.
So I filled out the W9 and sat back to wait for my prize.
Which, according to that second email would arrive in 6-10 weeks.
Free groceries for a year sounds great. Slightly less so when you realize the value has been capped. Specifically, it’s limited to $5200. That’s right, $100 a week. To be fair, pre-COVID, our weekly grocery bill did come in right around that number. Now, though, it’s gone up by thirty or forty percent.
Still, free is free, and saving five grand on groceries isn’t anything to sneer at. If food prices don’t go up significantly, the prize should still last us well into 2023.
Oh, and the prize is paid in gift cards. I had visions of receiving a box of 52 $100 gift cards, and wondered if they’d be date stamped, so we couldn’t use more than one a week. But there was that 6-10 week waiting period to find out.
Exactly a month later, I got a “Your package is on the way” notice from FedEx. I didn’t think much of it; I’d ordered several things online that week, so I was expecting to get several of those notices. However, this particular one was odd.
For one thing, the sender was listed as an individual, rather than any of the companies I’d bought from. Odder still, the sender’s address was listed as Modesto, California, but the package was shipping from Buffalo, New York.
That set my scam detector tingling again. Was this some kind of “send some cheap merchandise to a random person, then demand large sums of money under threat of being reported for theft” deal? Or a “forward the package to a third party, and when it arrives we’ll send you a check which will never arrive” game?
So I googled the sender’s name and Modesto. Hey, she’s a marketing manager for Lucky’s parent corporation and the street address is the corporate headquarters. Answers that question. (And no, her name isn’t Christine.)
The cards arrived on my doorstep almost exactly six weeks after I filled out the forms. And no, there weren’t 52 of them. Just eleven: one for $200, the rest for $500 each.
Then I notice the fine print on the back of each card, informing me that the cards need to be activated before use. Nothing in the accompanying letter, much less the earlier emails, suggests this has been done.
Dash off an email to Christine. Three hours later, she writes back to assure me that they are activated. Sure glad nobody intercepted the package–mail theft is endemic around here–or I would have been out my prize with no hope of recourse.
So, finally, we’re happy. But…
Let’s sum up: scammy emails, multiple domains in use with no transparency about their relationships, difficult to confirm legitimacy, lack of consistency between contacts, insufficient information at many steps.
From what I see online, this is typical for online contests. But why? Sure, if it’s hard to claim a prize, the sponsor will save money–most such contests have a “unclaimed prizes will not be awarded” rule–but hardly enough to justify doing it this way on purpose.
Is it possible that the people running these contests have never gotten a spam in their lives? Seems unlikely.
So why do they seem to be going out of their way to seem suspicious? Especially when they could make one simple change that would greatly reduce the awkwardness of the current system.
In order to submit contest entries, players have to have an account on the contest website. So, instead of sending an email directing the winner to a third-party website to file the claim, send one that directs them to sign into the contest website. That site can have the “please click here” to claim your prize.
Granted, it wouldn’t solve all the problems of the current system, but it would be a big step in the right direction.