Phishers always think out of the box, thinking of ways to fool victims into falling for their phishing schemes.
Now, from targeting financial institutions and banks, we’ve found a new twist – one that involves the popular fast-food chain McDonald’s.
The phishing page displays a fake Member Satisfaction Survey, and for the customer to take the bait, it promises $75 credit to the customer’s account.
Figure 1. Fake McDonald’s survey (original image includes the widely recognizable McDonald’s logo at the upper left, and an image of Ronald McDonald, the fastfood chain’s mascot, holding a lit bomb)
After filling out all the required information for the survey, the customer will be asked for full name, email address, credit card number and electronic signature.
Figure 2. Getting cash for almost no effort may prove irresistible for users.
This isn’t the first time a bogus survey has used in a phishing attack. Surveys related to Wal-Mart, American Airlines, and even U.S. President-Elect Barack Obama were previously used to collect personal information from potential victims.
Also, similar to this phishing attack on McDonald’s, all surveys promised some form of reward to anyone who will participate on the survey. This clearly shows that cyber criminals are taking advantage of users’ tendency to try and save up as much money as they can, especially this holiday season.
The phishing site is now blocked by Trend Micro Smart Protection Network.