Last week we reported about the existence of a Facebook scam that was trying to trick users into visiting various websites by promising them $500 gift vouchers from Woolworths. Now, the Australian supermarket chain’s reputation is once again used in a malicious campaign.
It all starts with an email entitled “Customer Satisfaction Survey” which reads: You have been selected to access the Woolworths 5 questions Survey and win a $50.00 gift certificate. Please click here and complete the form to receive your reward. Thank you.
Those unfortunate enough to fall for it and click on the link are taken to a webpage that displays a standard survey with questions such as “Do you think Woolworths employees are friendly and helpful?”
However, the fact that the user provides the answers to the five questions isn’t the main issue, Hoax Slayer notes
In order for the $50 (€40) credit to be added to their accounts, customers must provide their personal details, including name, address, suburb, postal code, driver license, Medicare card number, individual reference number, date of birth, credit card number, expiration date and CVV.
Once the Continue
button is pressed, all this valuable information is stored in a database owned and controlled by the cybercriminals who run the campaign.
To ensure that they can trick as many people as they can, the phishers added the following message to the top of the malicious webpage: Only one survey per credit card is allowed. If you own multiple cards you can run the survey again for each.
This way they can obtain the details from multiple credit or debit cards from one single victim.
Those who have already fallen for this scam and provided the fraudsters with their details are advised to immediately contact the card issuer. The large amount of information could also be used to commit identity theft, which is why we recommend victims to contract the services of a company that deals with fraud prevention.