In the past couple of months, Symantec observed phishing attacks against a major fast food brand. The attacks were carried out through spam mails requesting customers’ answers for a bogus satisfaction survey. The fast food brand is one of the most popular worldwide, so fraudsters sent the spam globally. The spam email states that the brand is planning major changes to their chain of restaurants to improve their quality of service. The mail further states that to implement these changes, customer opinion is required by means of a survey (which is of course fake). Fraudsters try to trick customers by claiming a reward for those who participate in this survey. The spam email contains a link that leads to the phishing website containing the fake survey: In the above example, the phishing website claims to provide an $80 reward for the customer taking part in a quick, 8 question survey. Upon completing the survey, the Web page is redirected to a fake user authentication page that asks for sensitive information such as credit card number and pin number so as to supposedly credit the bogus reward to the customer’s fast food account. The page claims to credit the reward within 3 business days after user authentication and will reflect on the customer’s account history. Internet users are advised to follow best practices to avoid phishing attacks. Here are some basic tips for avoiding online scams: • Do not click on suspicious links in email messages. • Check the URL of the website and make sure that it belongs to the brand. • Type the domain name of your brand’s website directly into your browser’s address bar rather than following any link. • Frequently update your security software, such as Norton Internet Security 2010, which protects you from online phishing. ------------- Note: My thanks to Rohan Shah, co-author of this blog.