Issue 144 - December 2012 (1st Edition) - Page 16
Woolworths 'Customer Satisfaction Survey' Phishing Scam
Email purporting to be a "Customer Satisfaction Survey"
from Australian supermarket chain, Woolworths claims that the recipient can receive a $50 gift certificate just for clicking a link and participating in a short 5 question survey.
The email is not from Woolworths and the claim that recipients will be given a $50 gift certificate for filling in a survey is untrue. In fact, the message is a phishing scam designed to trick recipients into divulging sensitive personal and financial information to Internet criminals.
Detailed analysis and references below example.
Last updated: November 19, 2012
First published: August 29, 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer
Subject: Customer Satisfaction Survey
You have been selected to access the Woolworths 5 questions Survey and win a $50.00 gift certificate.
Please click here and complete the form to receive your reward. Thank you.
This is an automated message. Please do not reply.
Message Id: 0019268154-wmrtsrv.
This email, which claims to be from large Australian supermarket chain Woolworths informs recipients that they can receive a gift certificate worth $50 just for filling in a 5 question survey. Users are invited to click a link in the message to complete the survey and claim their gift certificate.
However, the message is not from Woolworths and those who participate will certainly not receive a $50 gift certificate or any other reward.
Those who are taken in by the trick and click the link in the email will be taken to a bogus survey page as shown in the following screenshot:
The fraudulent website starts off by asking respondents some generic questions about their satisfaction with Woolworths services. But this supposed customer survey is just the smoke screen designed to fool participants into providing their personal and financial details, ostensibly so that they can be credited with their $50 reward. The second part of the scam page asks for name and address details as well as ID information such as drivers license and Medicare numbers. It then asks users to submit credit card details, including the card's CVV.
All of this personal and financial information will be sent to the criminals running this scam campaign and may subsequently be used to commit identity theft and credit card fraud.
Such survey based phishing scams are quite common and have targeted customers of various other high profile companies around the world including, McDonald's
, Coca Cola
. Companies may sometimes conduct customer surveys that offer rewards to participants such as the chance to go in the draw for a prize. In some cases, participants may receive small fees or other types of minor rewards for offering their opinions and feedback to companies. However, companies are extremely unlikely to pay a substantial cash reward for each and every customer willing to fill in an inconsequential survey consisting of just a few generic questions. Nor would any legitimate company expect customers to provide sensitive personal and financial details via an unsecure web form
Be very cautious of any unsolicited email or text message that claims that you can receive a prize or reward just for participating in
a brief survey. If you receive such a message, do not follow any links that it contains. Some versions may package the bogus survey form as an email attachment, so do not open any attachments that such messages contain. Facebook users are also continually targeted in similar types of scams
that offer valuable ( but non-existent) prizes as bait for survey participants.
McDonald's Survey Phishing Scam Email
Coca Cola Survey Phishing Scam
Westpac 'Quick Survey' Phishing Scam
Difference Between http and https
Facebook Survey Scams
Pages in this issue:
- Jetstar 'Flight Itinerary' Malware Email
- WhatsApp 'Logo Will Turn Red' Hoax
- Christmas Cards for Recovering American Soldiers
- Virgin Money 'Re-Confirm SiteKey' Phishing Scam
- How to Survive a Heart Attack When Alone Hoax
- Facebook Deleting Inactive Users Hoax
- Completely Pointless and Misleading 'Facebook Privacy Notice'
- Absurd Warning - 'LOL' stands for 'Lucifer Our Lord'
- Bogus Prize Offers on Facebook - 'Like and Share To Win'
- Tesco Christmas Voucher Phishing Scam
- DEW Bottled Water Fatal Poisoning Hoax
- ANZ 'Reward for Loyal Customers' Phishing Scam
- Chase Paymentech 'Merchant Billing Statement' Malware Email
- Undertaker - John Cena 'Bloodiest Fight Ever' Survey Scam
- Padlock on Facebook Home Page Hacker Warning Hoax
- Woolworths 'Customer Satisfaction Survey' Phishing Scam
- Target 'Free Gift Voucher' Survey Scam
- Another Pointless Facebook Warning - Hackers Posting Insulting Messages In Your Name
- Fake Tsunami Warning 'News' Report Points to Malware
- Reserve Bank Of India Phishing Scam
- Better Business Bureau 'Complaint Received' Malware Emails