The link that the recipients are instructed to click on takes them to a spoofed Tesco Bank Online Banking login page, where users are asked first to enter their username, and then to share their password, telephone number, email address, email password, "Internet credit card 4 digit PIN" and CVV2 (Credit card Validation Value).
Once all the data is entered and submitted, the victims are redirected to Tesco's legitimate website, and the data is sent to the phishers, who will use it to hijack the victims' Tesco online accounts and email accounts.
Needless to say, those who fell for the trick will never receive the shopping vouchers they wanted.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.