Received this e-mail today.
Please give us only 5 minutes of your valuable time to ask you some questions about our products . Please be aware that we will not ask you about any personal information.
In return, we will credit $90.00 to your account – just for your time.
If you want to answer our simply 8 questions , please click the link below :
(Link removed – see the image above for the link)
Thank you for helping us to become better .
Sincerely, McDonald’s Survey Department.
Please do not reply to this email. This mailbox is not monitored and you will not receive a response.
This is the first time I have ever seen this kind of e-mail. I had never heard of McDonald's survey phishing. However, it is not just survey phishing, it is more than that.
First of all, the sender is firstname.lastname@example.org, which looks like a genuine McDonald's domain e-mail address. So I decided to visit the website http://www.mcdonald.co.uk, which turns out to be a redirect to
http://www.halfords.com/webapp/wcs/stores/servlet/categorydisplay_storeId_10001_catalogId_10151_categoryId_165684_langId_-1?cm_mmc=TradeDoubler-_-Banners-_-TextLink-_-Basic
What is that?
McDonald’s UK website redirecting to Halfords website?
Is the Halfords link an affiliate link coming via TradeDoubler?
TradeDoubler is an affiliate system which companies use to promote their products and services, and which webmasters use to earn money by promoting the affiliates. I've tried TradeDoubler in the past and trust me, it is crap.
No, the link doesn't seem to come from the TradeDoubler affiliate system. It has been hardcoded to make it look like a genuine TradeDoubler link. Nice try ;)
Let’s dig down deeper.
The e-mail came from: [18.104.22.168] (helo=mail1.joymainlife.com) which, as I guessed, is registered and hosted in China (Hong Kong to be precise).
IP trace gives following details:
22.214.171.124 IP address location & more:
IP address: 126.96.36.199
IP country code: HK
IP address country: Hong Kong
IP address state: n/a
IP address city: Central District
IP address latitude: 22.2833
IP address longitude: 114.1500
ISP of this IP: New World Telecom Ltd.
Organization: New World Telecom Ltd.
So I hit the Great Wall of China, end of investigation. Nothing more can be done. If it was a UK domain I could have raised a complaint, etc.
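The check done by hand above (From: domain versus the relay recorded in the Received: line) can be scripted. This is an added example, not part of the original post; the sample headers are constructed, the relay IP is a documentation address, and `org_domain` is a rough heuristic standing in for a public suffix list.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers, not the real message. The relay IP is a
# documentation address; the HELO name is the one quoted in the post.
SAMPLE = """\
Received: from [203.0.113.7] (helo=mail1.joymainlife.com)
\tby mx.example.net with esmtp (Exim 4.69)
\tid 1AbCdE-0000xy-00 for reader@example.net; Fri, 01 Jan 2010 10:00:00 +0000
From: "McDonald's Survey" <survey@mcdonald.co.uk>
To: reader@example.net
Subject: Survey

body
"""

SECOND_LEVEL = {"co", "com", "org", "net", "ac", "gov"}  # rough stand-in for a public suffix list

def org_domain(host):
    """Reduce a host name to its registrable domain (heuristic, assumption)."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if len(labels) >= 3 and len(labels[-1]) == 2 and labels[-2] in SECOND_LEVEL else 2
    return ".".join(labels[-keep:])

def analyze(raw):
    """Compare the From: domain with the relay recorded by the receiving server."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # The topmost Received: line is written by your own mail server, so it is
    # the one line the sender did not write.
    top = (msg.get_all("Received") or [""])[0]
    ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", top)
    helo = re.search(r"helo=([^)\s]+)", top)
    helo_name = helo.group(1).lower() if helo else None
    return {
        "from_domain": from_domain,
        "relay_ip": ip.group(1) if ip else None,
        "helo": helo_name,
        # HELO is chosen by the sender: a match proves nothing, a mismatch is a hint.
        "mismatch": bool(helo_name) and org_domain(helo_name) != org_domain(from_domain),
    }

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

The relay IP it returns is what you would feed into a whois or geolocation lookup like the one above.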
So what is the full story?
The e-mail is a phishing e-mail. The survey link goes to a phishing website, so don't click on that link or you will be busted. Most browsers will warn you when you click on that link; however, better be safe than sorry and hold fire on your curiosity. Curiosity kills the cat ;) remember that. What happens when you really try hard to visit the phishing link?
Anything could happen: your computer might be blown up, or the Windows operating system dies its blue death, etc.
Hang on, what about Halfords?
Don't know. You'd better ask Halfords or TradeDoubler and find out for yourself. I have to go to bed now, it is too late.