CyberSecurity Awareness Month Tip One: There are no Gift Certificates

While many corporations have great spam filtering, quite a few small businesses and individuals still deal with a deluge of spam on a daily basis.  For some time now, a particular group of criminals have been stealing your personal information by fraudulently offering “Gift Cards” to various things.

Just in the last day, we’ve seen Gift Card spam for Amazon, Discover, Target, and Walgreens.

Although it doesn’t seem like it, none of these spam messages have anything to do with the sponsoring organization.  There is also absolutely no chance that these spam messages will lead to you receiving a Gift Card, or anything else of value.  So what is their purpose?  These spam messages are sent to try to get you to provide personal information to criminals who enrich themselves by stealing your data and selling it to others.

In each case, after forwarding you through several intermediate places, you end up at a Survey, fraudulently branded to represent the spam campaign you clicked on.  Note that ALREADY AT THIS POINT, the criminals have your email address, and know that you have an interest in the brand they have chosen.  When you click on Amazon, the first time you touch the survey, you are revealing “My email address is (your email here) and I click on spam messages about Amazon!” (or Discover, or Target, or Walgreens…)

All of the surveys are exactly the same, although each is branded a bit differently and there are not just dozens but HUNDREDS of websites that have all been registered for these scammy surveys.

The Amazon survey and the Walgreens survey are on the website “powerclub .xyz” (created on 21SEP2017).  The Discover survey is on “rewardsurveyscenter .com” (updated on 29AUG2017).
The Target survey is on “healthmarket .xyz”  (created on 25SEP2017).  All use a privacy service in the Cayman Islands to protect THEIR personal information while they steal yours!

We’ll just look a bit more at the Discover one as an example.  The survey consisted of seven questions, asking your gender, whether you had the Discover mobile app installed, whether you were happy with your FICO score, whether you thought your interest rate was too high, and some questions about customer service from Discover.

 

What is the point of the survey, since they have no intention of providing you with a gift card?
They want to be able to sell your contact information to other people, as is made plain in their privacy policy:
By the way, there IS no address for the Online Privacy Coordinator listed at the end of the Privacy Policy.  Oops!

After completing the survey, instead of receiving a gift card, you have the opportunity to subscribe to one of several offers.

A Testostone Booster, a Skin Cream, a Garcinia Cambogia diet supplement, e-Cigarettes, or a “Male Enhancement” that promises to make you “Get Bigger, Last Longer, and Stay Harder.” Sadly, the only thing anyone might actually want, the Apple iPad Pro, is “Out of Stock” (and always will be.)

The fine print, by the way, warns that if you take the free product, they will bill you at the full price every thirty days until you find a way to make them stop.  And, similar to the Online Privacy Commissioner, there are few hints about what that telephone number may be.

*** This is a Security Bloggers Network syndicated blog from CyberCrime & Doing Time authored by Gary Warner, UAB / PhishMe. Read the original post at: http://garwarner.blogspot.com/2017/10/cybersecurity-awareness-month-tip-one.html