Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« Email Moebius Strip | Main | Another Spammer D'Oh! »

September 27, 2006

Wal*Mart Phishing

What's more popular than eBay and PayPal together? Wal*Mart!

That's why a new phishing scam I saw today is so potentially ruinous to lots of folks. Here's how it works:

An email message bearing the Wal*Mart logo (served up from walmart.com, no less) arrives with the following content:

Dear Customer,

CONGRATUALTIONS!!
You have been chosen by WAL*MART online department to take part in our quick and easy 5 question survey.
In return we will send $35 to your confirmed Credit Card - Just for your time!
This survey has been sent only to a few people from our random generator!

Helping us better to understand how our customers feel, benefits everyone. With the information collected we can decide to direct a number of changes to improve and expand our online services.
This information you provide to us is all non-sensitive and anonymous - No part of it is handed down to any third party groups.

We kindly ask you to spare two minutes of your time in taking part with this unique offer!

To Continue click on the link below:

https://www.walmart.com/cservice/survey?customersurvey=546

Sincerely,

Wal*Mart Online Service

Email PID: 546

Copyright 2006, Wal*Mart. All rights reserved.

That link is what the user sees. Behind it, in the HTML, is the true link, which goes to a hijacked site belonging to a California high school track team. Here's the page you'll eventually see there:

Walmart phishing page

Millions of trusting folks shop at Wal*Mart. If they receive this phishing message, they probably won't be able to discern that it's not coming from Wal*Mart. The prospect of getting 35 bucks for filling out a survey is too much to resist.

If this one spreads, it will trap an awful lot of innocent victims. Please spread the word to everyone you know.

Posted on September 27, 2006 at 11:23 AM