Boots impersonated in phishing scam targeting nearly 9m shoppers
16th June 2026
Kieran Howells
Boots has reportedly been impersonated in a large-scale phishing campaign that targeted nearly nine million email inboxes, according to cybersecurity firm Huntress.
The scam promised shoppers a free Boots beauty sample pack in exchange for completing a short customer satisfaction survey.
Victims who clicked through were taken to a realistic-looking fake Boots storefront, where they were asked to hand over personal information including their name, email address, date of birth, phone number and home address.
They were then prompted to enter payment card details under the pretence of covering a delivery fee.
Huntress said Boots’ own systems do not appear to have been compromised. Instead, the fraudsters used other trusted infrastructure to make the campaign appear more legitimate.
The emails were sent from a compromised small UK business server, where the attackers had installed Gammadyne Mailer, a legitimate bulk email tool often used for newsletters.
Huntress said the small business was unaware its server had been compromised.
The cybersecurity firm found the campaign after the company installed its security software on 15 May.
It said the attackers had staged six recipient lists containing 8,894,920 email addresses and were in the process of sending the scam emails when the activity was detected.
Huntress said it isolated the network and blocked almost 30,000 outbound SMTP connections in 104 seconds, although it could not confirm how many messages had already been sent.
The scammers also avoided using an obviously suspicious website. Instead, they broke into the real website of Bolivia’s Instituto Plurinacional de Estudio de Lenguas y Culturas, a government cultural institute, and hosted the fake Boots pages in a “boots_store” section of the site.
Huntress said the use of an official government domain helped the scam appear credible, while making it more likely to pass automated spam filters and less likely to raise suspicion among victims.
The phishing emails impersonated “Boots hello@boots.com” and used personalised subject lines, including the recipient’s own email address and random reference numbers, in an attempt to make each message look more convincing.
The campaign may also form part of a wider UK-facing scam operation. Huntress said artefacts found in the attackers’ working folder appeared to point to other campaigns linked to HMRC and cryptocurrency themes.
Boots has been used as bait in similar “free gift” scams before. Earlier this year, fact-checking charity Full Fact warned over false Facebook posts claiming the retailer was offering premium mini perfume sets to people who completed a survey.
The incident highlights how major retail brands are increasingly being exploited by criminals to make phishing campaigns appear more trustworthy.
While the Boots brand was used to lure victims, the attack appears to have relied on compromised third-party infrastructure rather than a breach of the retailer itself.
Huntress said it has shared its findings with Bolivia’s national cybersecurity authority.
Click here to sign up to Retail Gazette‘s free daily email newsletter
EcommerceNews
Bootscyber securityPhishing scamscam
Leave a Reply
Your email address will not be published. Required fields are marked *
Fill out this field
Fill out this field
Please enter a valid email address.
Post Comment
EcommerceNews
16th June 2026
Kieran Howells
Share:
Boots impersonated in phishing scam targeting nearly 9m shoppers
Boots has reportedly been impersonated in a large-scale phishing campaign that targeted nearly nine million email inboxes, according to cybersecurity firm Huntress.
The scam promised shoppers a free Boots beauty sample pack in exchange for completing a short customer satisfaction survey.
Victims who clicked through were taken to a realistic-looking fake Boots storefront, where they were asked to hand over personal information including their name, email address, date of birth, phone number and home address.
They were then prompted to enter payment card details under the pretence of covering a delivery fee.
Huntress said Boots’ own systems do not appear to have been compromised. Instead, the fraudsters used other trusted infrastructure to make the campaign appear more legitimate.
The emails were sent from a compromised small UK business server, where the attackers had installed Gammadyne Mailer, a legitimate bulk email tool often used for newsletters.
Huntress said the small business was unaware its server had been compromised.
The cybersecurity firm found the campaign after the company installed its security software on 15 May.
It said the attackers had staged six recipient lists containing 8,894,920 email addresses and were in the process of sending the scam emails when the activity was detected.
Huntress said it isolated the network and blocked almost 30,000 outbound SMTP connections in 104 seconds, although it could not confirm how many messages had already been sent.
The scammers also avoided using an obviously suspicious website. Instead, they broke into the real website of Bolivia’s Instituto Plurinacional de Estudio de Lenguas y Culturas, a government cultural institute, and hosted the fake Boots pages in a “boots_store” section of the site.
Huntress said the use of an official government domain helped the scam appear credible, while making it more likely to pass automated spam filters and less likely to raise suspicion among victims.
The phishing emails impersonated “Boots hello@boots.com” and used personalised subject lines, including the recipient’s own email address and random reference numbers, in an attempt to make each message look more convincing.
The campaign may also form part of a wider UK-facing scam operation. Huntress said artefacts found in the attackers’ working folder appeared to point to other campaigns linked to HMRC and cryptocurrency themes.
Boots has been used as bait in similar “free gift” scams before. Earlier this year, fact-checking charity Full Fact warned over false Facebook posts claiming the retailer was offering premium mini perfume sets to people who completed a survey.
The incident highlights how major retail brands are increasingly being exploited by criminals to make phishing campaigns appear more trustworthy.
While the Boots brand was used to lure victims, the attack appears to have relied on compromised third-party infrastructure rather than a breach of the retailer itself.
Huntress said it has shared its findings with Bolivia’s national cybersecurity authority.
Click here to sign up to Retail Gazette‘s free daily email newsletter
Social
SUBSCRIBE TO OUR DAILY NEWSLETTER
SUBSCRIBE FOR FREE
Most Read
Poundstretcher rescued as court approves restructuring plan 15th June, 2026
Mike Ashley ramps up takeover spree with £166m Accent Group bid 16th June, 2026
Aldi to launch 16 new UK stores with £370 million investment 16th June, 2026
Boots impersonated in phishing scam targeting nearly 9m shoppers 16th June, 2026
M&S poaches Woolworths tech boss to lead digital overhaul 16th June, 2026
Most Read
Poundstretcher rescued as court approves restructuring plan 15th June, 2026
Mike Ashley ramps up takeover spree with £166m Accent Group bid 16th June, 2026
Aldi to launch 16 new UK stores with £370 million investment 16th June, 2026
Boots impersonated in phishing scam targeting nearly 9m shoppers 16th June, 2026
M&S poaches Woolworths tech boss to lead digital overhaul 16th June, 2026
EcommerceNews
Bootscyber securityPhishing scamscam
Leave a Reply
Your email address will not be published. Required fields are marked *
Fill out this field
Fill out this field
Please enter a valid email address.
Post Comment
RELATED STORIES
Previous
DEPARTMENT STORES
Six recent retail rebrands
13/10/2025 x 3:22 PM
APPOINTMENTS
Depop names Peter Semple as CEO
28/07/2025 x 9:43 AM
DEPARTMENT STORES
Debenhams Group close to securing debt deal with former owner
24/07/2025 x 8:59 AM
ECOMMERCE
Ellis Brigham reduces WISMO enquires by 14%
16/06/2026 x 10:30 AM
5 MINUTES WITH...
ASOS’s Melissa Lim breaks down new AI Stylist app experience
02/06/2026 x 4:47 PM
BIG INTERVIEW
Forget chatbots, the real AI retail revolution is happening behind the scenes
29/05/2026 x 11:22 AM
ECOMMERCE
Amazon opens Alexa shopping tech to retailers with new AWS agentic AI tool
28/05/2026 x 10:58 AM
ECOMMERCE
ASOS expands menswear offer with nine new brands including Gap
28/05/2026 x 8:44 AM
COMMENT
Opinion: The infrastructure gap in agentic commerce – payments are ready, disputes are not
27/05/2026 x 6:56 PM
BIG INTERVIEW
Haypp’s ecommerce director May Pan on building trust in a crowded category
12/05/2026 x 6:52 AM
ECOMMERCE
River Island launches on M&S marketplace amid turnaround push
11/05/2026 x 8:13 AM
ECOMMERCE
John Lewis launches MyJL Beauty for loyalty members
08/05/2026 x 10:33 AM
ECOMMERCE
Changing shopper behaviour becomes top priority for 91% of UK retailers
08/05/2026 x 5:10 AM
BIG INTERVIEW
Noli founder takes us inside the L’Oréal-backed startup trying to remove the guesswork from beauty
07/05/2026 x 4:16 AM
ECOMMERCE
GameStop tables £41bn takeover offer for eBay
05/05/2026 x 8:29 AM
APPOINTMENTS
Debenhams Group appoints Paul Aspden as CTO to scale marketplace tech and AI push
20/04/2026 x 8:56 AM
ECOMMERCE
As The Works axes its ecommerce arm, how can physical stores compete with online in 2026?
30/03/2026 x 12:26 PM
ECOMMERCE
Very Group plans £2bn auction launch
09/01/2026 x 3:03 PM
ECOMMERCE
The Very Group announces takeover by US investment firm Carlyle
10/11/2025 x 8:42 AM
ECOMMERCE
Shein bans sale of sex dolls after child exploitation concerns
04/11/2025 x 8:45 AM
DEPARTMENT STORES
Six recent retail rebrands
13/10/2025 x 3:22 PM
APPOINTMENTS
Depop names Peter Semple as CEO
28/07/2025 x 9:43 AM
DEPARTMENT STORES
Debenhams Group close to securing debt deal with former owner
24/07/2025 x 8:59 AM
ECOMMERCE
Ellis Brigham reduces WISMO enquires by 14%
16/06/2026 x 10:30 AM
5 MINUTES WITH...
ASOS’s Melissa Lim breaks down new AI Stylist app experience
02/06/2026 x 4:47 PM
BIG INTERVIEW
Forget chatbots, the real AI retail revolution is happening behind the scenes
29/05/2026 x 11:22 AM
ECOMMERCE
Amazon opens Alexa shopping tech to retailers with new AWS agentic AI tool
28/05/2026 x 10:58 AM
ECOMMERCE
ASOS expands menswear offer with nine new brands including Gap
28/05/2026 x 8:44 AM
COMMENT
Opinion: The infrastructure gap in agentic commerce – payments are ready, disputes are not
27/05/2026 x 6:56 PM
BIG INTERVIEW
Haypp’s ecommerce director May Pan on building trust in a crowded category
12/05/2026 x 6:52 AM
ECOMMERCE
River Island launches on M&S marketplace amid turnaround push
11/05/2026 x 8:13 AM
ECOMMERCE
John Lewis launches MyJL Beauty for loyalty members
08/05/2026 x 10:33 AM
ECOMMERCE
Changing shopper behaviour becomes top priority for 91% of UK retailers
08/05/2026 x 5:10 AM
BIG INTERVIEW
Noli founder takes us inside the L’Oréal-backed startup trying to remove the guesswork from beauty
07/05/2026 x 4:16 AM
ECOMMERCE
GameStop tables £41bn takeover offer for eBay
05/05/2026 x 8:29 AM
APPOINTMENTS
Debenhams Group appoints Paul Aspden as CTO to scale marketplace tech and AI push
20/04/2026 x 8:56 AM
ECOMMERCE
As The Works axes its ecommerce arm, how can physical stores compete with online in 2026?
30/03/2026 x 12:26 PM
ECOMMERCE
Very Group plans £2bn auction launch
09/01/2026 x 3:03 PM
ECOMMERCE
The Very Group announces takeover by US investment firm Carlyle
10/11/2025 x 8:42 AM
ECOMMERCE
Shein bans sale of sex dolls after child exploitation concerns
04/11/2025 x 8:45 AM
DEPARTMENT STORES
Six recent retail rebrands
13/10/2025 x 3:22 PM
APPOINTMENTS
Depop names Peter Semple as CEO
28/07/2025 x 9:43 AM
DEPARTMENT STORES
Debenhams Group close to securing debt deal with former owner
24/07/2025 x 8:59 AM
Next
1
2
3
4
5
6
7
Most Read
Poundstretcher rescued as court approves restructuring plan 15th June, 2026
Mike Ashley ramps up takeover spree with £166m Accent Group bid 16th June, 2026
Aldi to launch 16 new UK stores with £370 million investment 16th June, 2026
Boots impersonated in phishing scam targeting nearly 9m shoppers 16th June, 2026
M&S poaches Woolworths tech boss to lead digital overhaul 16th June, 2026
Latest Feature
Edikted and Shaftesbury Capital: Brand identity is perfect for Carnaby Street
Read More