New Phishing Gimmick Targets Coca-Cola

Add Coca-Cola to the ever-expanding list of high-profile companies being targeted by malicious spam designed to elicit unsuspecting consumers' most sensitive personal information for the purpose of perpetrating identity theft.

Security software vendor AppRiver this week detected a new phishing scam disguised as a public opinion poll that uses the lure of a $150 cash reward for completing the survey.

Scams of this sort have become an almost daily occurrence, according to leading anti-virus software vendors, targeting the likes of PayPal, Whole Foods, Apple and dozens of other popular online and bricks-and-mortar retailers.

In almost every instance, the come-on offers people either cash or gift cards in exchange for filling out forms requesting a variety of personal data including their mother's maiden names, driver's license numbers and credit card or bank account details.

This latest example of unsolicited email-based malware purports to be from Coca-Cola, which the scammers have almost laughably identified as a "non-partisan polling organization" in the offending email.

"The poll is about current events at the national level and your views about them," the bogus email continues. "All of your answers will be kept strictly confidential and will be used only for legitimate research purposes."

It further entices potential victims with the promise of $150, thus the supposed need for respondents' credit card information in order to facilitate the deposit.

Of course, that never happens.

As AppRiver security analyst Fred Touchette explains, once the link is clicked users are redirected through a number of websites before landing at a malicious site hosting the survey.

This particular scam is a sloppy one and, according to Touchette, demonstrates how lazy or inattentive some hackers have become.

"One interesting note about this page, though, is that upon inspecting all of the links on the page I noticed that most of them do in fact link to the Coke website; however, four of them at the end in yellow actually link to McDonald's websites," he said.

"This is either a sign that this phishing page is being recycled from an old McDonald's scam, or it was part of a misconfigured phishing kit," he added.

Once victims click the "submit" button, their information is sent to the phishers and users are then redirected to the official Coca-Cola website.

Touchette and other security software experts advise consumers to install and update appropriate security applications, to never open links or attachments contained in unsolicited emails, and to mouse over any links they come across to ascertain exactly where the link will take them before making that fateful click.
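The link inspection Touchette describes, and the mouse-over check recommended above, can be automated for a saved copy of a suspect page. The following is an added example, not code from AppRiver or the article: it tallies where a page's links point and flags links and form targets that fall outside the brand the page claims to be. The function names, sample HTML and `.example` hosts are all constructed placeholders.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page; every host is a placeholder, not a value from the article.
SAMPLE_PAGE_URL = "http://survey-host.example/poll/index.html"
SAMPLE_HTML = """
<a href="http://www.brand-a.example/">Home</a>
<a href="http://www.brand-a.example/products">Products</a>
<a href="/poll/terms.html">Terms</a>
<form action="http://collector.example/save.php" method="post">
  <input name="card_number"><input type="submit" value="submit">
</form>
<a href="http://www.brand-b.example/privacy">Privacy</a>
<a href="http://www.brand-b.example/contact">Contact</a>
"""

class LinkCollector(HTMLParser):
    """Collect absolute targets of <a href> and <form action>."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.links, self.forms = base_url, [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.links.append(urljoin(self.base_url, attrs["href"]))
        elif tag == "form":
            # A missing action posts back to the page's own URL.
            self.forms.append(urljoin(self.base_url, attrs.get("action") or ""))

def belongs_to(host, domain):
    """True if host is domain or a subdomain of it (no substring matching)."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def audit(html, page_url, claimed_domain):
    """Report where the page's links and forms lead relative to the claimed brand."""
    c = LinkCollector(page_url)
    c.feed(html)
    off = lambda urls: [u for u in urls if not belongs_to(urlparse(u).hostname, claimed_domain)]
    return {
        "page_on_claimed_domain": belongs_to(urlparse(page_url).hostname, claimed_domain),
        "link_hosts": dict(Counter(urlparse(u).hostname for u in c.links)),
        "off_brand_links": off(c.links),
        "off_brand_form_targets": off(c.forms),
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_HTML, SAMPLE_PAGE_URL, "brand-a.example").items():
        print(key, "=", value)
```

A page that is not served from the claimed brand's domain, links to a second unrelated brand, and posts its form to yet another host shows the same pattern the analyst noticed by hand.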

Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.
