McDonald’s Email Scam With Fake Survey Goes Viral

There is a McDonald’s email scam with a fake survey attached, making the rounds again on the Internet. Here is what to watch out for.

The cybersecurity company Cyjax has published an updated report detailing an ongoing phishing attack that used over 42,000 maliciously registered web addresses in 2017. Researchers attribute this attack to a Chinese threat actor, “Fangxiaozi,” which translates to “fake imitation.”

The phishing attack begins with emails containing malicious attachments that direct victims to fake websites designed to trick them into giving up sensitive information. Once the victim clicks on one of these malicious files, the malware infects their computer and sends spam emails to contacts within the victim’s address book.

Most Survey Scams Are Coming By Email

These McDonald’s email scams contain malicious hyperlink URLs that direct victims to fraudulent sites masquerading as legitimate businesses. Victims who click on these malicious link URLs are redirected to a website controlled by the attacker. The site then displays a message claiming that the victim should complete a survey about their experience with the targeted business.

A pop-up window asks the victim to provide personal details, including name, email address, phone number, and physical location. After the victim provides this data, the malicious website displays a message stating that the victim has won a prize and directs them to a third-party payment service to donate.

To verify that the victim completed the survey, the attacker then asks the victim to confirm their identity via SMS code. If the victim enters the correct code, they are directed to another URL that allows the attacker to access the victim’s account on the target business’s system. From there, the attacker can steal valuable financial information and access the victim’s bank accounts.

FANGXIAO often changes its domain names to avoid detection by security personnel. During the investigation, the researchers found over 300 unique new domain names created within one day.

There Are No Free Rewards, Only A McDonald’s Email Scam

McDonald's Email Scam SurveyOnce visitors land on landing pages, they should see something compelling enough to keep them reading through the entire article. To do so, we recommend including a CTA button that encourages visitors to take action immediately. If desired, you can also include a link to your homepage to help direct traffic back to your leading site.

After tapping up to four boxes, the user’wings’ gets a reward, usually consisting of a high-value gift card. To win the prize, the user is prompted to share the scam app with their contacts on WhatsApp. Once the user shares the app, the website automatically creates unique links to be shared with contacts via WhatsApp. After completing the progress indicator by pressing the share link 13 consecutive times, the user is redirected to a final page under the control of Fangxiao.

When using different mobile phones and IP addresses, the researchers observed various landing pages, including one that was a McDonald’s email scam, another that redirected to an affiliate site selling Android apps, and another that automatically downloaded malware onto the phone.

Reminder: Do Not Click Random Links

You may be redirected to a malicious app or web page if you click on any of the links. For example, an Android phone might end up downloading a malicious app or going to a fake cleaner instead. Always use the actual McDonald’s website to verify the latest offers also.

According to Cyjax, the phish­ing attack targets people who visit websites affiliated with brands they recognize. However, the attackers don’t gain anything from the attacks aside from taking up their precious browsing time. To prevent themselves from becoming victims of such campaigns, people should be wary of sites serving content on pages not owned by the brand.