Forged Survey Email by Coca-Cola Directs a Phishing Page
The forged emails started arriving at the inboxes of the users from January 10, 2011 onwards with the title "Happy New Year" in the subject line. The headers of these mails were spoofed in such a manner that they seemed to have been sent from the customers' end at Coca-Cola.
The message enclosed in the mails triggered the readers to take part in a poll by Coca-Cola, which is a non-partisan polling organization. The theme of the poll is concerned about the views of the participant on current events at the national level. For enthusing the participants and provoke them towards participating, the questionnaire is claimed to be as short to consume only 5-7 minutes for the participant.
Besides, participants are ensured about confidentiality about their answers by claiming that these would only be used for research purposes.
On participation, users are promised to be awarded with a $150 and to proceed in this direction, an IP address is forwarded to the recipients. Even though the IP address seems to be legitimate but on opening the same, viewers are confronted with quite a different page, which contradicts with the opinion pool.
This page entails enquiry of all personal details including full name, driver's license number, mother's maiden name, address, date of birth, home phone number, along with full details of credit card. For increasing the credibility, phishers explains the importance of furnishing these details to the victim so that money transfer can be carried on smoothly, but here, instead of $150 offered originally, the stunning amount is £150.
When the "Submit" button is clicked on completion of the questionnaire, all personal details of the victim is shipped off to the phishers immediately and finally users confronts the actual website of Coca-Cola.
However, scrutinizing all the links on the page, it is found that most of them are related to the Coke website though four of them towards the end are linked to the website of McDonald.
Fred Touchette, Security Researcher at Appriver dismisses this phishing act to be either an outcome of an old McDonald's scam or a badly configured phishing kit as reported by Softpedia on January 11, 2011.
Related article: FIRST Reveals Staggering Rise in Computer Hacking in China
» SPAMfighter News - 21-01-2011