Twist the Cap to Phishing
For those who don't know, the title of this blog is a play on Coca-Cola's latest slogan, "Twist the Cap to Refreshment". I've never actually heard it personally, so I wouldn't have gotten it, but now that everyone is on the same page I will go on to tell you about an interesting phishing campaign that we're seeing this morning pretending to come from the Coca-Cola Company.
The email promises the recipient $150 for participation in a public opinion poll. A link is provided that appears to take recipients to the Coca-Cola website - www.CocoCola.Co.UK/Survey_Pool/150Dollar/5-7min/Survey.html. However, the link doesn't lead to Coke. It leads initially to http://www.motogear[dot]co[dot]za/images/gift_certificates/ and then through a couple of different redirects before landing at www.raverzone[dot]com, where viewers are presented with a website requesting a whole lot of information that I wouldn't feel comfortable sharing with my soda company, even if they were in fact about to give me $150 dollars or £150 pounds as it says on the website. By the way, I'll take the pounds please, that's over twice the amount promised in my email!
Once the "Submit" button is pressed, the victims' personal information is shipped off to the phishers and the viewers are redirected to the real Coca-Cola website. One interesting note about this page, though, is that upon inspecting all of the links on the page I noticed that most of them do in fact link to the Coke website; however, four of them at the end in yellow actually link to McDonald's websites. This is either a sign that this phishing page is being recycled from an old McDonald's scam, or it was part of a misconfigured phishing kit. Don't worry though, we here at AppRiver have thwarted these thieves and have blocked this email and all of its corresponding websites. Remember, though, to stay vigilant when you've received an email from someone you don't recognize or haven't initiated a conversation with. Also, it's a good idea to first mouse over any links to make sure they're going where they say they're going before you click on them.