| The NJCCIC observed a phishing campaign that impersonates several brands, claiming to be invitations to a feedback survey with an exclusive prize for completing it. These phishing emails contain links that use URL shorteners to obfuscate the true malicious destinations, and have subjects such as: |
| Marriott Luxury Pillows 2-piece set from Marriott Car emergency kit Winner Announcement! Claim Your Free Stanley Tool Set from Harbor Freight Claim Your Free Nespresso Vertuo Next Deluxe with Aeroccino 3 and 32 Capsules |
| Upon clicking the provided link, users are redirected to a feedback survey. If completed, they are given the option to claim a reward for their time. The site alleges that a prize is available for free, provided shipping costs are paid. The page also includes comments that appear to be from others who have already claimed this deal. The campaign asks for address information and payment details to complete the order. It also states that there is limited stock available and that only a few minutes remain before the offer is gone, creating a sense of urgency to act. |
| Recommendations |
| Avoid clicking links and opening attachments in unsolicited emails. Confirm requests from senders via contact information obtained from verified and official sources. Users should only submit payment and personal information on official websites. Maintain robust and up-to-date endpoint detection tools on every endpoint. Consider leveraging behavior-based detection tools rather than signature-based tools. Users who submitted payment information to these webpages are advised to contact their banking institutions to report the fraudulent purchases. Report malicious cyber activity to the NJCCIC and the FBI’s IC3. |