Tag Archives: McDonalds

McDonalds “Fillet O’ Phishing” Survey Scam

image Would you fill out an email survey, sponsored by McDonalds – if they paid you 250 dollars for completing it? I’ll go out on a limb here and say – yes you would. Just like most offers that sound overly attractive though – this offer is a scam.

This scam is not only plausible, but in appearance, it could easily pass for the real thing. Jump into this one though, and you’ll stand a good chance of losing your credit card information. So, no 250 dollars; just a real messy credit cleanup to look forward to.


Filling out the survey form really isn’t the hook – that comes later.


Clicking on the “proceed” link (this is where you supposedly get the 250 bucks), opens the following screen. All you have to do is provide your credit card details and additional personal information.


If, at this point, you don’t hear a loud warning bell resonating in your head – you’re about to become a cyber crime victim.

To add credibility (and reduce suspicion), victims of this scam are automatically redirected to the official McDonalds site – once the victim’s credit card details have been scooped by the crooks.

In August of 2010, when I first reported on this scam, which was then being “test marketed” by the cyber crooks in New Zealand and Australia, I made the following point –

The rest of us (non Australian or New Zealanders), shouldn’t be complacent because, for the moment, this scam is appearing only in that part of the world. If this scam works there, and I suspect it will work very well, there’s little doubt it will soon be on it’s way to you’re inbox.

Well, here it is in North America and according to the chat on the Net, this time out, the graphics on the survey and phishing pages are loaded directly from McDonald’s own website. You can rightfully accuse cyber crooks of being the lowest form of pond scum imaginable – but you can’t accuse them of not being technically sophisticated.

It’s the same old, same old, though – the first time I came across this scam was in 2006. This type of scam is recycled repeatedly – because it works. Reasonably intelligent people do get trapped by sophisticated scams. Due, in large part, to their failure to take minimum common sense security precautions. Don’t be one of them.

Advice worth repeating:

If you have any doubts about the legitimacy of any email message, or its attachment, delete it.

Better yet, take a look at the email’s headers. Check the initial “Received from” field in the header, since this field is difficult to forge. Additionally, the mail headers indicate the mail servers involved in transmitting the email – by name and by IP address.

It may take a little practice to realize the benefits in adding this precaution to your SOP, but it’s worth the extra effort if you have any concerns.

f you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, email scams, Malware Reports, Phishing, Windows Tips and Tools

McDonalds Email Christmas Offer is Scroogy Malware

mcdonalds-fries Who’s going to turn down an email savings coupon from that great American institution – McDonalds? The cyber-criminals behind this spam/scam email are counting on the fact that not many of us will turn it down.

Let’s face it – we’re all pretty used to McDonalds wishing us a “Merry Christmas” so getting an email with that heading is likely to entice many of us to “Simply print the coupon from this Email and head to your local McDonald’s for FREE giveaways and AWESOME savings” as the email instructs.


(Pic courtesy of Panda)

According to PandaLabs, Panda Security’s laboratory for detecting and analyzing malware however, you won’t get a coupon, you won’t get “FREE giveaways and AWESOME savings”, but you will get infected by the P2PShared.U worm.

“Once on the computer”, according to Panda, “the worm sends out emails with the same subject and appearance to other users. Finally, it copies itself to folders of various P2P file-sharing programs (eMule, LimeWire, Morpheus, etc.) with names relating to security software, image editing programs, program cracks, etc. This way, any user that tries to download any of these applications will be actually letting a copy of the worm into their computer”.

At this time of the year, we can expect to be bombarded by socially engineered email spam/scam with a Christmas or Holiday Season theme, so be more vigilant than you normally would be.

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable scripting features in email programs

Ensure your anti-virus software scans all e-mail attachments

If you are interested in staying on top of the latest in Internet security news, consider adding Panda Security news to your feed reader by adding the following URL – http://feeds.feedburner.com/PandaSecurity.


Filed under Don't Get Hacked, Email, Interconnectivity, internet scams, Malware Advisories, Online Safety, Safe Surfing, System Security, worms