Fraudulent Survey of a Cola Brand

Updated: 21 Sep 2010
Mathew Maniyara

In September 2010, phishing sites were observed spoofing a globally popular cola brand using a bogus survey. The phishing sites were created to target Italian customers of the brand. Here, fraudsters were yet again looking for an alternate means by which to steal sensitive banking information for financial gain.

The first sentence of the phishing site was in Italian, which translates to “World of **** Cola [Brand name removed] will reward your account with 150 euros for taking part in our quick, five question survey”. The fake survey consisted of five questions, allegedly asked to gauge customer satisfaction. The questions were:

  • How long you have been our client?
  • How many times a month do you visit our web page?
  • What is your favorite drink?
  • Are you generally satisfied with our drink quality?
  • Your suggestions / comments / opinions

After selecting the answers and clicking the “Next” button at the bottom of the page, the user is redirected to an acknowledgement page. On this page, a message in Italian thanks the customer for participating in the survey. The message claims that the survey is important in improving the services provided by the brand and explains that customers are being encouraged to participate by rewarding them. Here, the user is prompted to select one of two popular Italian banks where the reward amount of 150 euros is to be credited. Upon selecting either of the banks, the page redirects to the phishing site spoofing the respective bank. After the bank login information is entered into the phishing site, the page redirects to the legitimate bank’s website. In this way, fraudsters were attempting to steal the banking credentials of customers.

Similar fake surveys have been observed in the past targeting the sensitive banking information of customers. To read more on a similar trend that spoofed a popular fast food brand, please refer to “A Fake Fast Food Survey”. The phishing site was hosted on a legitimate real estate website that was compromised by the fraudster. The site was hosted on servers based in the USA.

Internet users are advised to follow best practices to avoid phishing attacks. Here are some basic tips for avoiding online scams:

  • Do not click on suspicious links in email messages.
  • Check the URL of the website and make sure that it belongs to the brand.
  • Type the domain name of your brand’s website directly into your browser’s address bar rather than following any link.
  • Frequently update your security software, such as Norton Internet Security 2011, which protects you from online phishing.
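
The "check the URL" tip can be automated when triaging reported links. The following is an added example, not part of the original post: it treats a link as the brand's only when the host itself is a brand domain or a subdomain of one, which catches brand-themed pages hosted on an unrelated compromised site. The domains `brand.example` and `realestate.example` and the sample links are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed placeholder domains; substitute the brand's real registered domains.
BRAND_DOMAINS = {"brand.example"}

# Constructed sample links, modelled on the hosting pattern described above.
SAMPLE_LINKS = [
    "https://www.brand.example/survey",
    "http://realestate.example/brand.example/survey.html",  # brand only in path
    "https://brand.example.realestate.example/",            # brand as subdomain label
    "https://brand.example@realestate.example/login",       # brand in userinfo
]


def host_of(url):
    """Return the lower-cased host a browser would connect to, or None."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    try:
        # Compare internationalised names in ASCII (xn--) form so that
        # lookalike Unicode letters never equal the real domain.
        return host.rstrip(".").encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None


def belongs_to_brand(url, brand_domains=BRAND_DOMAINS):
    """True only if the host is a brand domain or a subdomain of one."""
    host = host_of(url)
    if host is None:
        return False
    return any(host == d or host.endswith("." + d) for d in brand_domains)


def off_brand(urls):
    """Return the links whose host is not under any brand domain."""
    return [u for u in urls if not belongs_to_brand(u)]


if __name__ == "__main__":
    for link in off_brand(SAMPLE_LINKS):
        print("not the brand's site:", link)
```

A link that passes this check is only confirmed to point at the brand's domain; it says nothing about a brand site that has itself been compromised.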

Thank you to the blog's coauthors, Ashish Diwakar and Rohan Shah.