“The King Celebrates Spring” – Fake Coupons by Burger King, KFC and Walmart

Email SecurityPhishingSpam

Within the last few days our research team could see a spam campaign from the US, offering coupons by fast food chains like Burger King (coupon “THE KING CELEBRATES SPRING!”), Kentucky Fried Chicken (subject: “KFC for Lunch”) and Walmart.

 

Burger King Mailing including the coupon

Burger King Mailing including the coupon “THE KING CELEBRATES SPRING!”

 

Fake KFC coupon

Fake KFC coupon

 

Walmart mailing

Fake Walmart offer: “Free $ 1,000 Gift Card”

 

Hidden dummy text: Tour de France and World Cup Qualifying

At first sight all coupon mailings might seem genuine: They are well designed and the coupon details, like “Valid for Customer” and “Offer Date”, individualized. But there is one fact that is evidence enough for spam: if you scroll down the email and mark the entire content – you will discover the (before whitened) dummy text:

20130709-kfc-1

Whitened dummy text, KFC mailing.

 

The goal of these inserted texts is to avoid content-based spam filtering. In the KFC samples we found a whitened CNN news text, the Burger King mailing picked up different news and updates about soccer World Cup Qualifying as tweets.

Coupons from Micronesia, link farms and Geo-IP caching

Senders of these mailings are KFC@privatebusd.pw (KFC), BKBurger@outbusd.pw (Burger King) and Walmart@backjetc.pw (Walmart) – which are certainly fake. .pw is the offical country code top-level domain for the Pacific island nation of Palau – in Micronesia. There is also evidence of geo-IP caching: German users, for example, who try to access these domains (e.g. privatebusd.pw) are automatically forwardedto the German version of YouTube.

By clicking the digital coupon image, you will directly be led to a link farm. The goal of these link farms is to influence search engine results by placinmg as many links as possible to another Website. If additionally there is an affiliate tool used, spammers could even receive money for each click.

 

Following the digital coupon you will be lead to a link farm.

Following the digital coupon you will be lead to a link farm.

 

Other coupon mailings our research team discovered, like a special offer by Wendy’s, led to fake competitions where you could win Apple products. But this is is actually just a phishing campaign, to collect customers’ data – and make money out of it.

20130710-wendys2

 

Sorry for maybe disappointing you, but: there are no free chicken offers or giftcards and – King doesn’t celebrate spring!

 

Go back