Fast Food Outlet Questionnaire Attempts At Stealing Financial Details: Symantec
According to Symantec, the security software giant, its researchers have just found a unique phishing attack trying to get unwitting users to reveal their finance-related details, after it employs one McDonalds sponsored survey as bait.
The scam, reportedly, spread chiefly in New Zealand and Australia, probably because the scammers wanted credit card information of people in these countries.
Also, it involves an e-mail that lures users to complete a questionnaire that mistakenly says that certain fast food outlet promoted the survey from which recipients can earn $90. As such, the questionnaire appears believable, though it has a poorly-looking logo, a strange URL along with error notes accompanying every question.
But if a user follows the URL, he's led onto a fake site which asks for his credit card particulars so that the payment can be deposited. The particulars include card security code or CVV2, which in combination of the user's address, serves the phishers' purpose for executing illegal transactions in the actual card-owner's name well enough.
Notably, however, the site does not seek any Verified by Visa particulars or MasterCard SecureCode. This indicates that the phishers don't find such information useful, possibly because they aren't popularly utilized, and often they aren't mandatory for card-owners to use.
Researchers stated, the hosting source of the site was a hijacked Web-server, while it was very likely that a lot of other servers too were compromised and kept ready.
Said Symantec in a blog post released on August 30, 2010 that the current scam was distinct from the usual phishing attacks wherein the perpetrators frequently spoofed financial institutions, particularly banks, lying that it had been necessary to tentatively disable the user's account and that he required doing something specific to continue using the account.
Furthermore, the security company wrote that it was a relatively new attack in which one branded, trustworthy and irrelevant intermediary fast food outlet was used as a medium to capture sensitive information.
Thus recommends Symantec that users mustn't follow any web-link in e-mails that unexpected senders dispatch as also never post their private details unless they access the site directly.
» SPAMfighter News - 09-09-2010