Surveys are enticing, and so are survey scams. But they’re easy to recognize if you know what to look for, according to Paul Ducklin at Naked Security. Ducklin describes a typical survey scam that Sophos spotted recently. The scammers impersonate well-known brands and offer a reward to users that fill out a survey. Real companies use these surveys as well, but the rewards from a legitimate survey are very small, such as a coupon for your next order.
The fake survey asks generic, innocuous questions that could apply to any business, and allows the user to choose their answers from multiple-choice panels. Throughout this process, the site displays the text “38 visitors on this page,” and “6 rewards left” to induce a sense of urgency. After completing the survey, the user is informed that they’ve actually won an expensive prize, such as a free iPhone.
At the final page, however, it’s revealed that the user will have to pay one dollar as a delivery fee before they can receive their prize. To do this, they’ll be asked to enter their name, address, and credit card information, which will be sent straight to the scammers.
Ducklin stresses that no matter how tempting the deal is, you should leave the site if you sense anything out of place. Even if you don’t see any warning signs, the moment a site asks you to enter any sensitive information should be your cue to leave.
“Remember, if you are taking a survey and you see anything that doesn’t add up – anything at all – then you need to get off the website right away before you get sucked into giving away any personal information,” Ducklin writes. “Legitimate companies and genuine surveys should be clearly explained in advance, so if the goalposts move half way through, you’re being scammed.”
Ducklin adds that common sense, awareness, and level-headedness is usually all that’s needed to defeat these types of scams.
“There is no free iPhone,” he says. “Or Android, or tablet, or laptop. There just isn’t. Stores don’t hand out $1000 mobile phones in return for you telling them whether you think they should stay open later. They just don’t. Follow your head and not your heart.”
New-school security awareness training can help your employees recognize social engineering tactics and avoid falling for scams.
Naked Security has the story: https://nakedsecurity.sophos.com/2020/06/22/anatomy-of-a-survey-scam-how-innocent-questions-can-rip-you-off/
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
