14 DAY TRIAL // The McDonald's gift card trick is not new, but it appears to make the rounds on Facebook again, in search of new victims.
Cybercriminals have used this method to lure unsuspecting users into completing online surveys, downloading malicious files or for driving traffic to a specific website and downloading application that are part of an affiliate marketing scheme.
The post comes from a friend, who most likely fell victim to the scam, and advertises a fake promotion from McDonald's for a $250 / €187 gift card. The amount of cards is limited so users are enticed to click on the link taking to the presumed offer.
But before getting the voucher for free lunch, dinner and breakfast, users are not only asked to share the offer with friends on Facebook, as is generally the case with such scams, but also to copy and paste a version of the message to five different Facebook Groups, according to Hoax-Slayer.
Once the crooks ensure the longevity of the deceit, the next step is for them to make some money, by instructing the victim to complete online surveys in order to get the gift card.
In some cases, the victim is asked to provide personal information, such as email address or phone number, which can be used by the cybercrooks to initiate other malicious campaigns or sold to other entities, some of them in the marketing field.
By providing the phone number users risk getting automatically subscribed to premium rate services.
This particular scam is far from being new, as we found traces of it going as far back as 2011. However, what is more worrying is that crooks managed to keep the campaign online in other locations than Facebook.
We found several websites specifically built for redirecting users to locations delivering surveys or malicious software.
Distribution is even done through Google’s YouTube, where we found two videos, from August and Novemeber 2013 promoting the fake campaign.
Another website (bestbrandgiveaways on Blogspot) are alive for the same purpose, and all these locations point to linkjumps[.]com, which redirects to multiple variants of the campaign.
With the websites hosting the malicious activities still up and running, all cybercriminals have to do is drop a message in social networking communities and wait for someone to fall for the trick and start spreading it.
I guess the saying “there is no such thing as a free lunch” still stands, this case being one of the best examples. Something that looks too good to be true does not have to be chewed up right away but scrutinized with the utmost attention first.