McDonald’s : Your opinion is very important for us

McDonald's Survey Phishing
McDonald's Survey Phishing

Received this e-mail today.

Dear customer,

Please give us only 5 minutes of your valuable time to ask you some questions about our products . Please be aware that we will not ask you about any personal information.

In return, we will credit $90.00 to your account – just for your time.

If you want to answer our simply 8 questions , please click the link below :

(Link removed – see the image above for the link)

Thank you for helping us to become better .

Sincerely, McDonald’s Survey Department.

Please do not reply to this email. This mailbox is not monitored and you will not receive a response.

This is first time I ever saw such kind of e-mail. I never heard of McDonald’s Survey Phishing. However it is not just Survey Phising, it is more than that..

Read on..

First of all the sender is survey@mcdonald.co.uk which looks like genuine McDonald’s domain e-mail. So I decided to visit the website http://www.mcdonald.co.uk which turns out to be a redirect to

http://www.halfords.com/webapp/wcs/stores/servlet/
categorydisplay_storeId_10001_catalogId_10151_categoryId_165684_langId_-1?
cm_mmc=TradeDoubler-_-Banners-_-TextLink-_-Basic

Humm!!

What is that?

McDonald’s UK website redirecting to Halfords website?

The Halfords link is an affiliate link coming via TradeDoubler Affiliate link?

TradeDoubler is an affiliate system which companies use to promote their products and services and webmaster use it to earn money by promoting the affiliates. I’ve tried TradeDoubler in the past and trust me it is crap.

No the link doesn’t seem to come from Tradedoubler affiliate system. It has been hardcoded to make it look like it is a genuine TradeDoubler link. Nice try ;)

Let’s dig down deeper.
The e-mail came from: [58.64.162.189] (helo=mail1.joymainlife.com) which, as I guessed, is a registered and hosted in China (Hong Kong to be precise).

IP trace gives following details:
58.64.162.189 IP address location & more:
IP address [?]: 58.64.162.189 [Whois] [Reverse IP]
IP country code: HK
IP address country: ip address flag Hong Kong
IP address state: n/a
IP address city: Central District
IP address latitude: 22.2833
IP address longitude: 114.1500
ISP of this IP [?]: New World Telecom Ltd.
Organization: New World Telecom Ltd.

So I hit the great China wall, end of investigation. Nothing more can be done. If it was a UK domain I could have raised complained etc.

So what is the full story?

The e-mail is a phishing e-mail. The survey link goes to a phishing website so don’t click on that link or you will be busted. Most browsers will warn you when you click on that link, however better be safe than sorry and hold fire on your curiosity. Curiosity kills the cat ;) remember that. What happens when you really try hard to visit the phising link?

Dunno.

Anything could happen, you computer might be blown up, or Windows Operating system dies it’s blue death .. etc etc..

Hang on what about halfords?
Don’t know. You better ask Halfords or Tradedoubler and find out by yourself. I’ve to go to bed now, it is too late.


Comments

2 responses to “McDonald’s : Your opinion is very important for us”

  1. From: “McDonald’s Team”
    domain owned by DAVID BLACKBURN
    PO Box 163
    Clitheroe
    Lancashire
    BB7 0DA

    close him down

  2. jody norman Avatar
    jody norman

    I am after haveing a terible experience at mcdonalds this pass week , i live in newfoundland canada and cann’t seem to find a customer service number to call about this issue!!! please e-mail me back with a toll free number thanks!!

Leave a Reply

Your email address will not be published. Required fields are marked *