Who knew a telecom company could be so generous?
Over the past few years, thousands of British Telecom customers have received a computer popup offering them free gifts, including anti-aging skincare products, an e-cigarette vaping kit and weight loss supplements. To snag the swag, all they have to do is complete a short online opinion survey about BT products and services, then provide billing information to pay minor shipping fees for their free gift.
Rather than receiving free stuff, customers who filled out the survey have ended up with some big headaches instead. In an online forum, one BT client noted that although he only agreed to pay minor shipping charges, “I found out I had tied myself into a monthly debt of £28.71 for an item which was supposedly free.”
In the same web forum, other BT clients report being “inundated with spam or other popups” after completing the survey and/or providing payment information to cover shipping charges. After contacting BT to complain about the incidents, the victims learned BT has absolutely nothing to do with any of it.
“Unfortunately, this type of scam is becoming more commonplace,” says Chris Pike, vice-president of IT at Allstream.
Like BT, Allstream has been alerted to cases of similar survey scams popping up on its customers’ computers. Other service providers have also had their corporate names and logos used fraudulently in sham online polls. Consumers are more likely to trust (and fall for) offers that appear to come from their ISP.
Fraudsters try to match up the company name in the survey with whoever is providing the victim’s Internet connectivity, Pike explains. “Unfortunately, it isn’t something that we at Allstream have any control over.” That’s because the scam originates from third parties and succeeds when victims unwittingly supply their own financial information to the perpetrators.
These fake surveys carry other risks besides spam, popups and credit card charges, however. “Many times these popups are caused by malware or spyware installed locally on a PC,” says Pike.
Survey spotting: real or fake?
What makes this scam so scary is that many companies do, in fact, ask their customers to take legitimate online surveys as part of quality control management. So how can you tell if a survey is real or fake?
Walmart Inc. customers have been hit with so many fake surveys that the retailer has posted a list on its website of telltale signs to look out for: misspelled words, poor grammar, awkward phrasing, outdated logos or branding, fine print disclaimers that the offer is not legally associated with the company named in it, or requirements that you share the survey with friends before you can collect rewards.
Walmart also reminds shoppers that it never asks them to provide passwords, social security numbers, bank account details, credit card numbers or other financial information via email. Think about it: if you’re an existing customer of Company XYZ, shouldn’t they already have all your billing info?
Hover your cursor over the survey’s originating email address and website URL links to see if they match up with those used by the authentic company. Run a quick Google search on any survey offer to find warnings from legitimate companies (and their customers) who may have been duped by the ruse already.
Protect your computer
If you get any popup or unsolicited online survey that comes with a reward offer, it’s always safest to steer clear. “We obviously advise customers not to respond to the scam,” Pike says. That means close the popup window, leave any web pages it redirects you to and don’t fill out the survey.
There are free resources available online, such as Apple’s tips for blocking popups and enabling fraudulent website warnings in Safari. Apple also warns that since “some popups and ads have fake buttons that resemble the close button,” you can try closing the Safari window or tab instead of the popup itself.
Clean up the mess
If the popups persist, “our recommendation would be to utilize a malware removal program and check internal security and endpoint protection,” says Pike.
Make sure your computer is running security software, do a scan for infections and keep the software up to date with the latest versions and patches.
The independent infosec forum MalwareTips.com has posted a step-by-step tutorial on how to uninstall survey malware from Windows and reset related default settings in Chrome, Firefox and Explorer browsers.
Finally, don’t stay silent. If you notify the company whose corporate identity has been impersonated in a survey scam, it can warn other customers. Then fewer people will get taken in by taking fake surveys.