Fillet O' Phish
Phishing attempts have been making their way across the internet at record numbers lately. One message campaign that we found early this morning uses a unique social engineering tactic to trick people into giving up their personal information (including credit card info). These messages pose as a survey from McDonalds and for your participation you are promised a $250 reward. The emails and the following phishing pages all utilize McDonalds graphics pulled directly from their website to give the appearance of a legitimate survey. The messages appear addressed from McDonalds Consulting and urge you to follow a link to take the survey. There are only 5 questions that you must answer before you receive your $250 reward. Once you click to submit your answers you are taken to a page that requests your personal information along with your credit card number so that they can “credit your account” the $250 reward. Of course this is where the blackhats are waiting to collect your information for use or possibly for resale. After submitting your info you are redirected to the real McDonalds website, which is designed to decrease suspicion that you were just phished.
Here is the message and succession of pages:
All of our SecureTide customers are secured from this email threat as are our SecureSurf customers using our secure web filtering technology.