The survey tactic is not so common in phishing emails

Nov 2, 2011 15:39 GMT  ·  By

Phishing attacks were spotted replicating messages that come from the Regions Bank in the US and the Westpac Bank in New Zealand.

Graham Cluley reveals that the ones he found all include HTML form attachments which the customer is required to fill out with all sorts of details.

While some of the messages threaten the user with a suspended bank account as usually, others offer payment in return for the completion of a survey.

The more interesting survey emails read:

Dear Valued Customer, You have been chosen by our online department to take part in our quick and easy reward survey. Every year, 1,000 members are chosen to take part in our reward survey. At Regions, we want to know how you feel about the products and services we provide. In return we will credit $35,00 to your account – Just for your time! To access our reward survey, download the form attached to this e-mail and open it in a web browser.

The Westpac variant is basically the same only it offers New Zealand currency instead of American dollars.

This approach is highly interesting and while you might think that completing a form about some product is harmless, you can never be certain what actions lie behind the submit button.

However, in this case the cybercriminals weren't that smart, instead they require the victim to supply some identification data which includes social security numbers, card numbers, card expiration, CVV, ATM PIN number and a lot of other information that practically gives away your entire bank account.

Surveys might not be so dangerous, but once you are asked to provide sensitive data, you should definitely think twice before answering the request.

If you already fell victim to one of these scams, immediately alert the financial institution involved and the law enforcement agency that handles these types of crimes.