Unusual Phishing Scam Disguised as Fast Food Restaurant Survey Aims to Steal Financial Information
- Monday, August 30, 2010, 13:27
- Threat Research
Posted on behalf of Nick Johnston, Senior Software Engineer, Symantec Hosted Services
MessageLabs Intelligence has recently seen an interesting variant on normal bank and other financial institution phishing. This particular phish message encourages the recipient to receive 90 dollars by completing a survey sponsored by a fast food restaurant. This scam differs from normal phishing, where phishers often impersonate banks and other financial institutions, claiming that the victim's account has been temporarily disabled and that some kind of action is required to restore it. The use of a well-known, unrelated, trusted third-party fast food restaurant brand as a vector for stealing confidential information is relatively new.
It appears that this phish was aimed at users in New Zealand. Our analysis shows that most of the recipients were in Australia or New Zealand. The URL of the site included a .nz, presumably a very poor attempt by the phishers to fool people into thinking that they were browsing the organization’s legitimate web site. Why New Zealand was targeted is unclear; perhaps the phishers wanted to acquire New Zealand-based credit cards. Nevertheless, this shows the global nature of the phishing problem.
The survey itself seems relatively plausible with eight simple questions, and apart from the unusual URL, poor appearance of the logo and the error messages above each question, it could almost pass as real.
When pressing the "Proceed" link, the