McDonald's Phishing Scam: I'm Not Lovin' It
An e-mail is circulating that appears to be some sort of survey from McDonald's along with the promise of a $250 reward for participating. While it would be awesome to get an easy $250 just for letting McDonald's know they have the best French fries of any fast food chain, or that you wish the McRib would be added to the permanent menu, this is really just a phishing scam.
The scam is very similar to another recent phishing scam involving Coca Cola. In fact, the two are almost certainly from the same attacker(s) and were most likely developed simultaneously. AppRiver's Fred Touchette noted something interesting on the Coca Cola phishing e-mails. "One interesting note about this page though is that upon inspecting all of the links on the page I noticed that most of them do in fact link to the Coke website however, four of them at the end in yellow actually link to McDonald's websites. This is either a sign that this phishing page is being recycled from an old McDonald's scam, or it was part of a misconfigured phishing kit."
In a post humorously titled "Fillet O' Phish", AppRiver's Troy Gill describes the phishing scam. "The messages appear addressed from McDonalds Consulting and urge you to follow a link to take the survey. There are only 5 questions that you must answer before you receive your $250 reward. Once you click to submit your answers you are taken to a page that requests your personal information along with your credit card number so that they can "credit your account" the $250 reward."
These McDonald's phishing e-mails have the McDonald's logo, color scheme, and "I'm Lovin' It" tag line emblazoned across the top which give it some semblance of legitimacy. However, there are many obvious issues with the message that should be major red flags.
First of all, the message starts out explaining that it is a "public opinion poll conducted by McDonald's, a non-partisan polling organization." Well, McDonald's is a lot of things, but it is not a polling organization--non-partisan or otherwise.
The biggest red flag, though, should be the part where the survey requests your credit card information so they can deliver your $250 reward as a credit to your account. How exactly would McDonald's deliver on the promised $250 reward for survey takers who don't have a credit card? Better yet, when--in the history of either surveys or credit cards--has any organization asked for your credit card information so it could credit your account?
No. It doesn't work that way. If it were legitimate, McDonald's would issue McDonald's gift cards, or at least some sort of Visa or Mastercard gift card to fulfill the reward, and it would be some sort of drawing--not a scenario where McDonald's is just randomly giving $250 to everyone with an e-mail account who takes 30 seconds to answer a couple questions.
If it's too good to be true, it probably is.