New Phishing Attacks Offer Cash

An e-mail message designed to look like a solicitation from Citizens Bank promises a $5 cash reward for completing an online survey.

A new kind of phishing attack made its debut over the weekend, and experts say this is the first time that online scammers have offered cash to entice recipients into responding to their ploys.

The new e-mail emerged in the last two days and is designed to look like a solicitation from Citizens Bank. The message asks recipients to complete an online survey, and in return, recipients will supposedly get $5 credited to their accounts.

But, in order to receive the credit, each user must enter his ATM card number and PIN, something that no legitimate bank mailing would ever require. Experts who have seen the messages and analyzed the code behind them say that the scam is being hosted by ISPs in England and the Netherlands.

The e-mail message, titled "Citizens Bank instant $5 reward survey," carries accurate logos and branding information for Citizens, but there are a number of grammatical errors in the text that mark it as a scam.

This attack is one of the few times that phishers have strayed from their tried-and-true method of trying to scare recipients into falling for their scams with messages saying that users accounts have been compromised or need to be updated to avoid cancellation. Offering a cash incentive for responding to a message takes the scams to an entirely new level, and experts predict that such attacks will likely meet with tremendous success.

/zimages/3/28571.gifClick here to read more about the continuing war against phishing.

"This attack will have a very high capture rate as it changes the game and is a much better con. Five dollars is not a small amount. For a legitimate offer from my bank, Id fill out a survey for $5," said Bill Franklin, president of Zero Spam Network Corp. in Coral Gables, Fla., a managed services provider that was able to stop the new attacks. "Once again the game keeps changing—this is a pretty bad development."

Most of the developments and advancements in phishing scams have been technical ones, as scammers have learned new coding tricks and ways to plant Trojans on recipients machines. But some attacks also have been refining their social engineering repertoires.

/zimages/3/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.