Would you fill out an email survey, sponsored by McDonalds – if they paid you 250 dollars for completing it? I’ll go out on a limb here and say – yes you would. Just like most offers that sound overly attractive though – this offer is a scam.
This scam is not only plausible, but in appearance, it could easily pass for the real thing. Jump into this one though, and you’ll stand a good chance of losing your credit card information. So, no 250 dollars; just a real messy credit cleanup to look forward to.
Filling out the survey form really isn’t the hook – that comes later.
Clicking on the “proceed” link (this is where you supposedly get the 250 bucks), opens the following screen. All you have to do is provide your credit card details and additional personal information.
If, at this point, you don’t hear a loud warning bell resonating in your head – you’re about to become a cyber crime victim.
To add credibility (and reduce suspicion), victims of this scam are automatically redirected to the official McDonalds site – once the victim’s credit card details have been scooped by the crooks.
In August of 2010, when I first reported on this scam, which was then being “test marketed” by the cyber crooks in New Zealand and Australia, I made the following point –
The rest of us (non Australian or New Zealanders), shouldn’t be complacent because, for the moment, this scam is appearing only in that part of the world. If this scam works there, and I suspect it will work very well, there’s little doubt it will soon be on it’s way to you’re inbox.
Well, here it is in North America and according to the chat on the Net, this time out, the graphics on the survey and phishing pages are loaded directly from McDonald’s own website. You can rightfully accuse cyber crooks of being the lowest form of pond scum imaginable – but you can’t accuse them of not being technically sophisticated.
It’s the same old, same old, though – the first time I came across this scam was in 2006. This type of scam is recycled repeatedly – because it works. Reasonably intelligent people do get trapped by sophisticated scams. Due, in large part, to their failure to take minimum common sense security precautions. Don’t be one of them.
Advice worth repeating:
If you have any doubts about the legitimacy of any email message, or its attachment, delete it.
Better yet, take a look at the email’s headers. Check the initial “Received from” field in the header, since this field is difficult to forge. Additionally, the mail headers indicate the mail servers involved in transmitting the email – by name and by IP address.
It may take a little practice to realize the benefits in adding this precaution to your SOP, but it’s worth the extra effort if you have any concerns.
f you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.