Select Page

Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

“The King Celebrates Spring” – Fake Coupons by Burger King, KFC and Walmart

Within the last few days our research team could see a spam campaign from the US, offering coupons by fast food chains like Burger King (coupon “THE KING CELEBRATES SPRING!”), Kentucky Fried Chicken (subject: “KFC for Lunch”) and Walmart.

Burger King Mailing including the coupon

Burger King Mailing including the coupon “THE KING CELEBRATES SPRING!”

Fake KFC coupon

Fake KFC coupon

Walmart mailing

Fake Walmart offer: “Free $ 1,000 Gift Card”

Hidden dummy text: Tour de France and World Cup Qualifying

At first sight all coupon mailings might seem genuine: They are well designed and the coupon details, like “Valid for Customer” and “Offer Date”, individualized. But there is one fact that is evidence enough for spam: if you scroll down the email and mark the entire content – you will discover the (before whitened) dummy text:

20130709-kfc-1

Whitened dummy text, KFC mailing.

The goal of these inserted texts is to avoid content-based spam filtering. In the KFC samples we found a whitened CNN news text, the Burger King mailing picked up different news and updates about soccer World Cup Qualifying as tweets.

Coupons from Micronesia, link farms and Geo-IP caching

Senders of these mailings are KFC@privatebusd.pw (KFC), BKBurger@outbusd.pw (Burger King) and Walmart@backjetc.pw (Walmart) – which are certainly fake. .pw is the offical country code top-level domain for the Pacific island nation of Palau – in Micronesia. There is also evidence of geo-IP caching: German users, for example, who try to access these domains (e.g. privatebusd.pw) are automatically forwardedto the German version of YouTube.

By clicking the digital coupon image, you will directly be led to a link farm. The goal of these link farms is to influence search engine results by placinmg as many links as possible to another Website. If additionally there is an affiliate tool used, spammers could even receive money for each click.

Following the digital coupon you will be lead to a link farm.

Following the digital coupon you will be lead to a link farm.

Other coupon mailings our research team discovered, like a special offer by Wendy’s, led to fake competitions where you could win Apple products. But this is is actually just a phishing campaign, to collect customers’ data – and make money out of it.

20130710-wendys2

Sorry for maybe disappointing you, but: there are no free chicken offers or giftcards and – King doesn’t celebrate spring!

Jul 11, 2013 | Security Research & Analysis

You might also like

Phishing with QR codes

,

Don’t Scan or be Scammed By Maharlito Aquino, Kervin Alintanahin and Dexter To In 1994, a type of the matrix barcode known as the Quick Response code, now widely known as QR code, was invented by Masahiro Hara from a Japanese company Denso Wave. The purpose of the...