Warnings have been issued today not to complete a customer satisfaction survey that appears to come from McDonald's and promises cash for your answers. A bit like fast food itself, something that looks appetising and promises a quick fix is often not actually that good for you.
IT security and data protection company Sophos has today warned members of the public not to complete a customer satisfaction survey that promises cash in return for completing what claims to be a questionnaire about fast food originating from the McDonald's chain.
The survey is being spread by an email spam campaign of some considerable size, and purporting to come from the 'McDonald's Survey Department' using a subject line of 'McDonald's Customer Survey'. The full text of the email reads : "Dear customer, Please give us only 5 minutes of your valuable time to ask you some questions about our products. Please be aware that we will not ask you about any personal information. In return, we will credit $90.00 to your account - just for your time. If you want to answer our simply 8 questions, please click the link below. Thank you for helping us to become better. Sincerely, McDonald's Survey Department. Please do not reply to this email. This mailbox is not monitored and you will not receive a response."
If someone opts to take the survey, they are then asked to provide a bunch of personal information as well as their credit card details in order for a $90 cash payment to be made by way of a thank you for taking the time to complete the survey. Needless to say, it's a scam.
"Exploiting online surveys is a popular way for scammers to make money as legitimate customer satisfaction surveys are increasingly common" said Graham Cluley , senior technology consultant at Sophos. "Although it's not unusual to be offered a reward or the chance of a prize for completing an online survey, a legitimate questionnaire will never ask you to part with your card details. I'm afraid anyone hoping to receive the cash from this survey is more likely to have their account emptied by the spammers."
DaniWeb asked Graham how people could spot if an online survey is genuine, here's what he told us: "It's hard for the man in the street to tell the difference. Some of these scams are very sophisticated and don't make elementary spelling mistakes and use well known logos and branding intelligently. So it's hard to tell with the naked eye. Furthermore, some brands may use a third party to do the survey for them (perhaps hosting it on a third party site) so it can be tricky to tell if a survey is legitimate or not by looking at the domain name being used too."
Graham told DaniWeb that the best way to tell if something is a scam or not is to apply the following three step rule:
Does it sound too good to be true?
How would that company have got your email address? Do you regularly do business with them in such a way as they might have your contact details?
What information are they asking for? If anyone ever asks you for your passport and credit card details then you should be smelling something very fishy!
Finally, we asked Graham if Sophos was seeing evidence that scammers are moving away from the more traditional online banking scams and instead using the lure of big consumer brands?
"Definitely. Many phishers are now designed to ensnare social networking users, web email users, etc.. I think many people are more on their guard about online banking phishing (simply because they've hit so often by it), and may be unaware that hackers are just as keen to break into your Facebook and Hotmail accounts."
Sophos recommends that companies protect themselves with a consolidated solution which can defend against the threats of spam, hackers, spyware and viruses.