Steering Clear of Malicious Online Surveys

Many online surveys are actually scams designed to harvest the financial or personal data of those who participate. Links to these malicious surveys are often included in phishing emails and text messages. The links have also been found on websites.

To avoid falling victim to these scams, you'll need to know how they work and how to identify them before you provide any sensitive data.

How survey scams work

The primary targeting method used by survey scammers involves sending large numbers of phishing emails and unsolicited text messages to potential victims in the hope that some will click on embedded links to their surveys. Whether the links are placed in messages or in websites, the accompanying information often includes the name of a trusted brand. When those targeted see the names of trusted and well-known brands, they are more likely to click on the links and be taken to the malicious surveys.

In December of 2022, many of the scam messages included the name Cadbury, a well-known maker of chocolate treats. The name of the retail giant Costco was also observed in some of the survey messages identified in 2022.

The scammers' messages often promise some sort of reward to those who complete the online surveys. The messages that incorporated the Cadbury name, for example, promised that those who clicked on the link and completed short surveys would receive a "Christmas Chocolate Magic Basket." Offering a reward that will never be delivered is a common practice of these criminals.

Many of the surveys are designed to trick participants into providing sensitive personal or financial data that the criminals can then use to perpetrate crimes up to and including identity theft. After completing the surveys, some victims actually found that malicious software was installed on their devices. This software could include keyloggers that track the users' keystrokes, thereby enabling criminals to steal sensitive information, including payment card data and login credentials for banking and other financial accounts.

How to avoid becoming a victim

Spelling and grammatical errors are common characteristics of malicious messages. Known brand names used in these messages may also include easily overlooked typographical errors (i.e., Goog1e). These are clear warning signs indicating that the messages came from scammers.

Criminals often attempt to convey a sense of urgency in their messages. If you see language that indicates you must act right away or that includes an upcoming deadline, beware. Scammers are attempting to convince you to act without doing any research to find out whether their claims are valid. They rarely include a "contact us" link in their malicious email messages for those who have questions. A quick search relating to the message could reveal multiple complaints indicating that it is likely from a bad actor.

The rewards offered by scammers may seem too good to be true. When you receive a message or see an ad on a website that promises some significant reward for your participation in a short survey, don't click the link.

Expand the header on suspicious emails and check the From field. The underlying address may be nothing like the sender's name displayed in the message.

You can also hover over URLs to display the underlying links. Criminals will often use shortened links that appear to be legitimate but will take you to a malicious site at a URL that is totally different from the one embedded in the message.

Final thoughts

It only takes a moment to scrutinize suspicious messages using the information provided herein. Clicking on a link and participating in a malicious survey could end up costing you dearly. Business owners and managers should also train their employees to recognize and avoid these scams, as the criminals may be looking for data that would allow them to compromise company resources.

*** STAY SAFE and SECURE ONLINE ***