A researcher at security software giant Symantec has discovered a new type of phishing attack that attempts to lure unsuspecting victims to give up financial information by using a survey sponsored by a fast food restaurant chain.
The e-mail encourages recipients to fill out a survey, which falsely claims to be sponsored by a fast food restaurant, and make a quick $90.
After filling out the survey of eight simple questions and clicking on the "proceed" button, users are directed to enter their credit card information to receive $90. To process the request, the payment Web page asks for the payment card's security code, or CVV2, usually found on the back of most cards.
"This scam is different than normal phishing where phishers often impersonate banks and other financial institutions, claiming that the victim's account has been temporarily disabled, requiring some kind of action to restore it," writes Nick Johnston, a senior software engineer at Symantec Hosted Services. "The use of a well-known, unrelated, trusted third-party fast food restaurant brand as a vector for stealing confidential information is relatively new."
(With the mid-term elections upon us in the United States, remember phishers like to spoof campaign contribution Web pages too; see "The Potential Dangers of Online Contributions.")
The scam was directed at e-mail users in Australia and New Zealand, possibly because the cybercrooks are interested in credit card numbers from those countries, theorized Johnston.
Regardless, "this shows the global nature of the phishing problem," he writes.
The phishers were crafty enough to try and pass off the Web site as legitimate by altering the URL to make it look like it was coming from New Zealand—with the country code top-level domain as "a.nz" rather than the authentic ".nz". Aside from the altered URL, there were other key tip-offs that this e-mail was fishy. First, the logo of the fast food restaurant was blurry. Second, an error message appeared above each survey question.
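The tweaked-TLD trick described above is easy to miss by eye but simple to check in code. The following is an added example, not part of the original article: it normalizes a URL's hostname and tests it against the legitimate domains on a label boundary, so a host that merely contains the brand name (or ends in a lookalike suffix such as "a.nz" instead of ".nz") is flagged. The brand name and domains are constructed placeholders, since the article does not name the restaurant.

```python
from urllib.parse import urlsplit

# Constructed for this example: the domains the legitimate brand actually uses.
# The article does not name the brand, so these are placeholders.
LEGIT_SUFFIXES = {"example-brand.co.nz", "example-brand.com.au"}

def hostname_of(url: str) -> str:
    """Return the lower-cased hostname of a URL, dropping scheme, userinfo, port and path."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = parts.hostname or ""
    return host.rstrip(".").lower()

def is_under(host: str, suffix: str) -> bool:
    """True only if host equals suffix or is a subdomain of it.
    Checking for the leading dot keeps 'example-brand.co.nza.nz' from matching
    'example-brand.co.nz' via a plain substring comparison."""
    return host == suffix or host.endswith("." + suffix)

def classify_url(url: str) -> str:
    """Classify a URL as 'legitimate', 'lookalike' or 'unrelated' relative to LEGIT_SUFFIXES."""
    host = hostname_of(url)
    if any(is_under(host, s) for s in LEGIT_SUFFIXES):
        return "legitimate"
    # A host that carries the brand name in one of its labels but is not under a
    # legitimate suffix is the pattern the survey scam used (altered TLD, or the
    # real domain buried as a subdomain of an attacker-controlled one).
    brand_labels = {s.split(".")[0] for s in LEGIT_SUFFIXES}
    labels = host.split(".")
    if any(b in lbl for lbl in labels for b in brand_labels):
        return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample links of the kind a mail filter might see.
    for u in ("https://www.example-brand.co.nz/survey",
              "http://survey.example-brand.coa.nz/",
              "http://example-brand.co.nz.evil.test/proceed",
              "https://news.example.org/"):
        print(f"{classify_url(u):11s} {u}")
```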
Johnston notes that the phishing site was taken down shortly before MessageLabs Intelligence discovered it, which may have limited its effect. Nevertheless, he writes, "the site was hosted on a compromised server, and it's quite likely that the gang had many more compromised servers ready."
As always, to avoid becoming a phishing victim, never click on links in e-mails from unusual senders and never give up personal information unless you travel to the Web site by typing out the URL yourself.
♦ Screenshots by Symantec/MessageLabs Intelligence