How Survey Scams Are Evolving to Steal Monetary Knowledge

You’ve got in all probability seen them: engaging on-line gives totally free merchandise from manufacturers you belief, like a Yeti seashore chair from Costco or an emergency automotive package from AAA.

All you must do is fill out a fast survey and pay a small “transport payment” of a few {dollars}. However what looks as if a innocent transaction is definitely a classy rip-off with a excessive price ticket.

The KnowBe4 Risk Lab crew has been monitoring a phishing marketing campaign the place scammers use these pretend surveys to steal monetary information. Whereas the preliminary loss might sound trivial (just some {dollars} for transport) the truth is way extra expensive.

The Preliminary Survey Phishing Electronic mail 

Screenshot of a survey rip-off phishing e mail impersonating AAA, considered within the PhishER portal

Above is an instance of a survey rip-off that impersonates AAA, providing the recipient a ‘free’ automotive emergency package reward. All they must do is click on the hyperlink within the e mail which takes them to a pretend web site the place they’re required to fill out a brief survey, pay a small transport payment and obtain their ‘reward’. 

Under are two extra examples from United Healthcare and Costco. The United Healthcare instance is a screenshot of the webpage the recipient could be taken too in the event that they have been to click on the hyperlink in an preliminary phishing e mail. 

Screenshot of the phishing survey web site that impersonates United Healthcare, providing a Medicare Equipment. 

Screenshot of a phishing e mail that impersonated Costco, providing a Yeti Seashore Chair reward. 

In our observe up weblog “The Technical Sophistication Behind the ‘Free’ Reward Rip-off”, we are going to talk about the superior technical components that permit such a seemingly easy phishing e mail by way of legacy detection applied sciences resembling safe e mail gateways (SEGs). 

From a Small Charge to Vital Fraud

While you enter your bank card data for that small payment, you aren’t simply dropping a few {dollars}. As a substitute, you might be giving criminals direct entry to your fee particulars, identify, handle and different private data. This information can then be utilized in a number of methods:

• Unauthorized prices: Scammers could make fraudulent prices in your card, usually for a lot bigger quantities than the unique “transport payment”. You may see a recurring subscription cost you by no means approved or a significant buy you didn’t make.
• Identification theft: The non-public data you present, mixed with the fee information, can be utilized to open new traces of credit score in your identify, entry your accounts and interact in different types of identification theft.
• Promoting your information: Your data is a commodity on the darkish internet. It may be bundled and offered to different criminals, resulting in a cascade of future assaults and fraud.

The Human Motivations Behind the Rip-off

These assaults work as a result of they are not simply technically intelligent, they prey on human nature. The small transport payment is a key a part of the deception. It is a basic “foot-in-the-door” approach. The quantity is so insignificant that our normal defenses towards monetary fraud do not activate. We predict, “It is solely two {dollars}; what is the hurt?” This small dedication makes us extra prone to full the transaction and supply our delicate data.

The surveys themselves are designed to maintain you engaged utilizing a number of tips:

• Urgency and shortage: Countdown timers and messages like “Solely 3 gadgets remaining!” create a way of urgency, pressuring you to behave earlier than you could have time to suppose.
• Belief and authority: When scammers use well-known model names like UnitedHealthcare, they’re exploiting the authority bias heuristic. That is our tendency to routinely belief and observe the recommendation of authority figures or manufacturers we understand as reliable, with out critically evaluating their claims. 
• Progress and funding: A progress bar makes you are feeling such as you’ve already invested time within the survey, making you extra prone to end it to see the “reward”.

Defending Your self 

You’ll be able to shield your self by being skeptical of any supply that appears too good to be true, even from a model you belief. Reputable promotions hardly ever ask for bank card particulars for a really free merchandise. As a substitute of clicking hyperlinks in emails, go on to the corporate’s official web site to confirm the supply. And keep in mind, the actual price of a “free” reward may be far better than the value of transport.

For a deeper dive into how these criminals are bypassing safety instruments, learn our technical breakdown within the weblog, “The Technical Sophistication Behind the ‘Free’ Reward Rip-off”.