Friday, January 10, 2014

Target Database Breach "Phishing" Email leads to . . .

Several folks that also do security research called and texted and Facebook messaged today asking if we had seen "the New Target Phishing email"? We're normally pretty good folks to ask about that sort of thing, since Malcovery Security has both a Spam Data Mine, which is often a good source for such messages, and our PhishIQ system. I thought if it existed to the point that there was "buzz" about it, I should have hundreds of copies. But I didn't. I had three. Kinda.

Here's what the emails actually looked like.

I'll tell you what it does in just a minute.

By the way, if you find phishing sites and aren't sure what to do with them, we LOVE collecting phish! Use Malcovery's PhishIQ Report Phish page to send us any links!

Target Gift Card Spam

When I ran my search, I found all of the "normal" Target spam. People love to use Target to convince people to give up their personal contact information through the "Impossible to get Gift Card" scam.

We've blogged about Gift Card spam and related malware on several occasions including:

  • Cyber Monday 2010 - when we warned about scams using Victoria Secrets and Oliver Garden gift cards. In that scam you have to complete a series of "tasks" in order to earn your gift card, after going through several steps where you think you have "won" something. The final tasks back then were things like "Stay three nights in a Red Horse Inn hotel's luxury suite" or "buy a new car from General Motors!" but LONG before you found out about those tasks, the criminals already had your email, home address, cell phone number, and your agreement to let them share that data with other marketing firms.

  • A Day in the Life of Spam (2009) - in that blog I tried to fully categorize 10,583 spam messages received on October 4, 2009. 28 of the emails were "Giveaway gotchas" -- gift cards, plane tickets, cell phones, laptops that you had "won" if you would just perform some tasks.

  • We also told you about the Member Source Media LLC case where the FTC fined Chris Sommer $200,000 for running his spam scam where he sent email for "Free Products that Weren't Free".

So, today, I wasn't surprised to see spam with subjects and senders like these:

Share Your Opinion. Do you Love TargetShopping OpinionShoppingOpinion@ramblerose.info
Share Your Opinion. Do you Love TargetTarget Shopping SurveyTargetShoppingSurvey@ramblerose.info
Shopped Target LatelyShoppingOpinionShoppingOpinion@ramblerose.info
Special: Snag a $100 Target Gift Card!SavingCenterUSASours@frigidfiz.com
Complete the Target Shopping SurveyShoppingOpinionShoppingOpinion@ramblerose.info
Chance to Get a $100 Target Reward! Complete Sponsor OffersSavingCenterUSABakewell@frigidfiz.com
Back to School Savings - get a $100 Target Gift CardSavingsCenterUSAKeels@coldfiz.com

Here's what these usually look like (or at least the more high end ones):

Target Phish? Not really ...!

All of those are normal, everyday occurrences. But these caught my eye!

Alert to Target Shoppers - your identity is at risk.Local Alerttps0128@yahoo.com

So what happens if you click on the links in the email? Let's find out!

Here's the Fiddler capture of the redirect stream: So, clicking on the link where it says "Has your identity been stolen - CLICK HERE to check the database" or where it says "CHECK TO SEE IF YOUR IDENTITY HAS BEEN STOLEN - CLICK HERE NOW!" takes you through a chain of "automatically redirected" websites:

  • www.mb01.com
  • www.maxbounty.com
  • khvx.secoptim.com
  • rewardzone.surveyblogonlne.com

All of those numbers out next to the URLs? Those are the Affiliate Codes and Redirect Codes, so the scammers can make sure to direct you to the correct scam and to make sure the right spammer gets credit for his hard work stealing your time, money, and possibly identity.

and then your "Political Opinion Survey" starts up . . .

The Fine Print

Before we go win our $1000 Shopping Voucher, make sure to read the fine print on that one . . .

rewardzone.surveyblogonlne.com is not sponsored by or affiliated with This Website. This Website has not authored, participated in, or in any way reviewed this advertisement or authorized it. The trial products offered on the last page pay this website for leads generated. *Free trial offers may require shipping and handling. See manufacturer's site for details as terms vary with offers.

You'll also want to pay special attention to

How Do We Use The Personal Information?

How Do We Use The Personal Information?

We may use the Personal Information for any legally permissible purpose in our sole discretion Ad Serving Companies

We may use third party ad networks or ad serving companies to serve advertisements on our websites. We may pass the Personal Information about you to these companies so that they can deliver targeted advertisements that they believe will be of interest to you. The information passed to these companies may include, but is not limited to, your IP address, e-mail address, name, mailing address, telephone number, date of birth, gender, and any other information you provide to us. Web pages that are served by these companies will be subject to their own applicable privacy policies, if any.

Marketing Partners

We may share, license or sell your Personal Information to third parties for various marketing purposes, including their online (e.g., e-mail marketing) and offline (e.g., telemarketing, cell phone text messaging, skip tracing, and direct mail) marketing programs.

That's just part of it, there are many additional things they can do with your data!

Back to the Survey

There was a third question, but you get the idea. I finish question 3, it congratulates me and then sends me to get my reward! Wait? Where is the Target Gift Card? Well, I guess $1,000 shopping voucher at Sears/JCPenney/Kohl's/Macy's will have to do for now. Oh! And there is only ONE remaining! I better snag that!

By our Fiddler trace, you can see that we've just been handed off from one Affiliate marketing program to another. We are leaving the "rewardzone" system, and headed to the "shopping-sweepstakes.com" system, with "t.afftrackr.com" making sure that everyone is going to get paid for their participation in scamming us.

So, here we go ... we said we wanted the $1,000 Sears/Macy's/Kohl's/JCPenney card, so we choose one and start our NEXT survey

After it "calculated my eligibility" it asked me for my email address. I accidentally hit "Back" then and now it is begging me not to go!

Oh goodie! More prizes! Hey? Wasn't I supposed to be getting $1,000 from JCPenney? I just got a big pay cut for all my hard work here. But that's cool, I shop at WalMart too. I'll take $150 Walmart card, I guess . . . Oh. Actually, our Fiddler tells us that we've swapped systems again...We're now on at www.marktflow.com.

But wait! We ALWAYS read the fine print!

Got that? You must complete 2 silver, 2 gold, and 8 platinum offers ... WITHIN ONE CALENDAR DAY! So, it's 6:00 PM for me now, so I have 6 hours to do all the offers, or I get NOTHING.

In case the website goes down later, here's a local copy of some of the "example offers" that you have to finish TODAY!

OK? Let the Privacy Rape Begin!

Here comes the personal information extract . . . first, we're going to need a PHONE NUMBER, EMAIL, BIRTHDATE, and GENDER. Why? Because $150 Walmart Gift Card, that's why!

OK, you get the point. . . I have 13 more questions to go . . . see the Progress Bar? We are SO CLOSE to getting our gift card! Let's skip through the rest of the questions for now, but ask yourself, "what is likely to happen now that I've told these people that I have a house, a car, I'm planning to move, I like to go on vacation, I have a pet, an active checking account, and at least $15,000 in debt, as well as the next 13 questions . . .

  • Are you currently employed full time?
  • Are you interested in continuing your education?
  • Do you have health insurance?
  • Do you ever pay out of pocket for prescription drugs?
  • Do you smoke?
  • Does anyone at your home suffer from Asthma?
  • Back Pain?
  • Diabetes?
  • Joint Pain?
  • Sleep Apnea?
  • Anxiety or Depression?
  • Have you had a colonoscopy?
Remember. This guy has your email address and your telephone number. Whew! At least our 20 questions are done, right?

And then we start getting all the pop-up offers!

Wait! My home address? My birthday? Oh yeah, I forgot...they have to ship me my Gift Card, so of COURSE they need my home address! Duh!

Just in case though, it might be worth noting in Fiddler that we are no longer talking to MarktFlow. Through T.AffTrackr.com (passing along the credit so the right scammers keep getting paid) we are now seeing offers from "www.offersfromqh.com" associated with "www.qualityhealth.com".

FINALLY! All I have to do is confirm my Email Address (I gave them a valid email: privacyrape@gmail.com wonder if it will start getting spam?) and now I will have my card! It says right there this is the Last Step, right?

Not quite. "YOU MUST INSTALL TO CONTINUE?" What am I installing?

My favorite part there, see the part where it says "I want to earn points for searching the web?" Make ShopAtHome.com my Default Search Provider. Make ShopAtHome.com my Default New Tab. (So, every time your browser opens a new tab, you reload the SearchAtHome.com website. How convenient!)

NOW, All I have to do it complete those 2 Silver, 2 Gold and 8 Platinum offers!

So, I have to EITHER buy a set of Santoku Cooking Knives, (which I can return and keep one $100 knife for FREE!) or sign up for CreditReport.com. I already have a Credit Report service, so I guess I'll buy the knives. That's one down!

Now I can either get Vitamins (don't believe in them), Dr. Seuss Book Club (don't have kids at home), Amora Coffee (I drink Starbucks and already have a local roaster's coffee delivered to the house), a Hunting Knife (I don't hunt), Disney Movie Club (no kids at home), or M-Go Movie Rentals (I already have NetFlix AND Hulu). Hmmm. $150 Walmart Gift Card though ... Shoot. I guess I'll buy some Dr. Seuss books for my nieces.

Wait ... The Gold Offers are mostly the Silver offers I didn't want! And I have to buy TWO of them! I can choose from M-Go movie rentals, a Non-stick ceramic skillet (only $79.95), Dr. Seuss book club sign-up, Disney Movie Club sign up, Sedona Beauty products sign up, or Amora Coffee sign up. Well, I don't have kids at home, and already have NetFlix, I'm already beautiful, and I already have coffee delivered to the house, so I guess I go for the Ceramic Skillet. Cool! It comes with free scissors! ($79.95 plus shipping) and . . . shoot I guess you can never have too much coffee!

Wait. I have to do EIGHT Platinum Offers?? Hmmm... I already bought the knives as my Silver, so I guess I buy the MuscleXLerator, because $150 Walmart Gift Card, and . . .

Oh heck. I'll take the Free Hunting Knife, Sign up from Freester.com, Get ProtectMyID by Experian (don't you wonder if these companies know so many of their referrals are from criminals? I wonder if they care?) Pimsleur Language Learning, because my Rosetta Stone has been on my shelf for two full years and I still can't speak Mandarin, (speaking of heavily spam-advertised products! Pimsleur! Shame on you!) How many is that . . . Shoot. I still need three more.

Well? I guess I'll get ActionProWhite teeth Whitener so I can have that inhuman glow in the dark smile, Join the Disney Movie Club (I can cancel at any time) and well, I do have a lot of wrinkles around my eyes, but that's because I smile so much. Come on Sedona Beauty Secrets!

NOW THAT, Ladies and Gentlemen, is How you get a Free $1000 Target Gift Card, except they actually plan to give me a $150 WalMart gift card instead . . . *IF* I complete 2 Silver, 2 Gold, and 8 Platinum tasks.

$1000 Target Gift Card? Tell the Spammers No Thank You!