The link that the recipients are instructed to click on takes them to a spoofed Tesco Bank Online Banking login page, where users are asked first to enter their username, and then to share their password, telephone number, email address, email password, "Internet credit card 4 digit PIN" and CVV2 (Credit card Validation Value).
Once all the data is entered and submitted, the victims are redirected to Tesco's legitimate website, and the data is sent to the phishers, who will use it to hijack the victims' Tesco online accounts and email accounts.
Needless to say, those who fell for the trick will never receive the shopping vouchers they wanted.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.