Cybercriminals have revived an old time, online swindle using new tools and techniques to fool the unwary into falling for what is a sophisticated and large scale fraud. The scam is a fake survey and its big, targeting customers in over 90 countries and using popular brand names to steal users’ personal and payment data.

Fraudsters attempt to snare their victims by distributing invitations to take part in surveys to win a non-existent prize. Over 120 well-known brand names have been used to lure people. Victims are baited via contextual advertising, advertising on legal and rogue sites, SMS, mailouts and pop-up notifications.

The scammers register look-alike domain names that are similar to the genuine brands they are imitating. The fake ads, mails, pop-ups and SMS notifications are also customised to deliver tailored content to specific users. A malicious link in the ads, messages or mails can only be opened once. This makes it hard to track down the cyber villains.

In order to claim the prize victims have to part with personal information such as full name, email, postal address, phone number, bank card data, including expiration date and CVV. Some are even asked to pay a tax or test payment to receive the prize.
  • Many of the brand names used in the scam have been retailers and telco companies.
  • It’s estimated to date that the potential victim pool is near 28 million.
  • Clearly any type of online offer or giveaway that requests personal information such as bank card data, expiration date and CVV number is by definition a fraud.
  • Any request for this type of information is a huge red flag and should get your fraud antenna twitching with alarm.
The scale and sophistication of the fraud clearly indicates a lot of thought and planning has gone into the scam which in turn suggests a capable organised cyber-crime group is behind it. And they have done their sums.

If only 1% of the targeted near 28 million fall for the swindle that is still 280,000 people. If each person is defrauded by an average of only £200 the crooks are looking at netting a staggering £56 million. Of course victims can, and often are, defrauded for much larger amounts than £200.