

December 07, 2009

Phony Walmart Survey Phishing

A very simple email message leads to an elaborate bogus web site that will lure many an unsuspecting recipient.

From: Walmart
Subject: Customer Satisfaction Survey

You have been selected to access the Walmart 2 Step Survey and win a $150.00 gift certificate.

Please click here and complete the form to receive your reward. Thank you.

This is an automated message. Please do not reply.
Message Id: 0019268154-wmrtsrv.

The link is to an unused server within the btopenworld (part of what once was British Telecom) broadband service. That destination is a redirector to the actual phishing site.

On the first page is an innocuous survey, which asks for nothing more personal than your name, telephone number, and (optional) email address. The page has a professional design, and may be a copy of an earlier Walmart template. The phishing site's design, however, does not match the current walmart.com web site design. That probably won't stop recipients from pursuing the supposed $150 "gift certificate."

If you fill out the survey form (I strongly doubt the phisher even bothers collecting the name/phone number/email address from the form), you proceed to a page that gets down to the nitty gritty of ripping off your information. This page begins (showing only the text here):

Thank you for taking the time to respond to this survey. In return, we will credit $150 to your account - just for your time.

Please enter your account to credit your $150 reward

Then comes a form that gathers everything a crook needs to take over your credit card and more:

*First name:
*Last name:
*Date of birth:
*Social Security Number:
*Street Address:
*Zip Code:
*State:
*City:
*Card Issuing Bank:
*Card Number:
*Card Expiration Date:
*Card Verification Value:

If, as reported in previous news articles, people will give up personal and corporate passwords for a real piece of chocolate, imagine what they'd give up for a promised $150 at Christmastime. Anyone who fills out this form with their information will eventually get a lump of coal the next time they open their credit card bill or check their credit report.
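The contrast between the two pages (a harmless-looking survey, then a form asking for a Social Security Number alongside full card details) is something a mail gateway or web proxy can check mechanically. The following is an added example, not code from the original post: a heuristic that reads the text and field names inside a page's forms and flags the combination described above. The pattern grouping, function names, and both sample pages are assumptions constructed for illustration from the field list in the post.

```python
import re
from html.parser import HTMLParser

# Label patterns drawn from the field list in the post; the grouping is an assumption.
PATTERNS = {
    "ssn": r"social security",
    "dob": r"date of birth",
    "card_number": r"card number",
    "card_expiry": r"expiration",
    "cvv": r"verification value|\bcvv\b",
    "issuer": r"issuing bank",
}

class FormText(HTMLParser):
    """Collects visible text and field names found inside <form> elements."""
    def __init__(self):
        super().__init__()
        self.depth, self.chunks = 0, []
    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.depth += 1
        elif self.depth and tag in ("input", "select", "textarea"):
            self.chunks.append(dict(attrs).get("name") or "")
    def handle_endtag(self, tag):
        if tag == "form" and self.depth:
            self.depth -= 1
    def handle_data(self, data):
        if self.depth:
            self.chunks.append(data)

def requested_fields(html):
    """Return the set of sensitive field categories a page's forms ask for."""
    parser = FormText()
    parser.feed(html)
    text = " ".join(parser.chunks).lower().replace("_", " ")
    return {key for key, pat in PATTERNS.items() if re.search(pat, text)}

def is_high_risk(html):
    """True when a page's forms ask for an SSN plus a card number and its CVV."""
    return {"ssn", "card_number", "cvv"} <= requested_fields(html)

# Constructed sample pages (not captured from the phishing site).
SURVEY_PAGE = ("<form>Name: <input name='name'> Telephone: <input name='phone'>"
               " Email: <input name='email'></form>")
REWARD_PAGE = ("<form>*Date of birth: <input name='dob'> *Social Security Number: <input name='ssn'>"
               " *Card Number: <input name='ccnum'> *Card Expiration Date: <input name='exp'>"
               " *Card Verification Value: <input name='cvv2'> *Card Issuing Bank: <input name='bank'></form>")
```

Run against both constructed pages, only the second is flagged, which matches the post's observation that the first page asks for nothing sensitive.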

Posted on December 07, 2009 at 10:26 AM