Fake KMart Online Survey Promises Cash Prize for Personal Details

Cyber criminals have most recently targeted KMart with their maliciously crafted phishing attacks. KMart is a series of departmental stores that offer discounts, as per the report published by PC1.NEWS on May 6, 2009.

The attack involves an e-mail with caption "You have been selected" sent to probable victims. The message body of the e-mail elucidates the caption by saying that the recipient has been chosen to participate in the KMart Holiday Survey and to receive a gift certificate worth $150. However, the recipient can obtain his prize money by filling in a short survey form that can be downloaded from a link embedded in the e-mail.

But unlike other phishing attacks, the link doesn't take the recipient to a spoofed site of KMart, rather it leads him to an online site which displays the word 'epiqteen,' also depicted in the URL. On this site, the user gets the form pertaining to the survey.

In addition, for transferring the promised prize money to the account of the user, the e-mail further asks for the user's personal information such as name, e-mail address, phone number, PIN number and so on.

And once the phishers capture these details from the user, he is taken back to the actual KMart website so that no suspicion arises in the mind of the user.

Meanwhile, as the phishing scam circulates across the Internet, security specialists advise users to deploy an antivirus that would not only scan files but also websites.

They also remind users to be extremely cautious about e-mails that provide generous offers since it is not possible for companies in general to give such large prize money to their consumers as part of a survey.

Furthermore, the security specialists urge users to peruse the URL in detail. In their opinion, if the URL does not display the precise name of the business organization, then the user receiving the e-mail should become alert.

In the end, users should understand what 'phishing' means so that they can recognize the related scams and avoid becoming ensnared into the same at the very outset.

Related article: Fake Spam Mail Announces Australian PM’s Heart Attack

» SPAMfighter News - 5/15/2009