Jan 21, 2011 13:16 GMT  ·  By

Security researchers from security vendor AppRiver warn about phishing emails purporting to be part of an opinion poll from McDonald's.

The rogue emails bear a subject of "Survey" and have spoofed headers to appear as if they originate from a [email protected] address.

The message contained within suggests the user was selected to take part in a poll rewarded with $250. It reads:

"You have been selected to participate in a public opinion poll conducted by McDonald's, a non-partisan polling organization.

The poll is about current events at the national level and your views about them. It is short and should take you only 5-7 minutes to complete.

All your answers will be kept strictly confidential and will be used only for legitimate research purposes."

The link to the alleged survey takes users to a McDonald's-themed page with five questions that have nothing to do with "current events at the national level."

Hitting "Next" after the questions are answered leads to a phishing form with fields to input personal and financial information like credit card details.

The users are tricked into believing this is required to receive the reward, but sadly, the information is collected and misused by cybercriminals.

This new campaign follows a nearly identical one spoofing the Coca-Cola Company. In fact, there is enough evidence to suggest the two are the work of the same group of phishers.

According to Troy Gill, a security researcher at AppRiver, there are also some other noteworthy aspects to this attack.

For one, all the graphics on the survey and phishing pages are loaded directly from McDonald's own website. Also, users who submit the form are redirected to the real McDonald's website, to drive their attention away from what happened.