STOP. SENDING. SURVEYS. FROM.
-
STOP. SENDING. SURVEYS. FROM. THIRD. PARTY. SERVICES.
It looks sus as ducks having something from randomsurvey.co.uk come through on behalf of YourCompany with every domain/link in the email having no obvious link to it. Rarely is there a single link to the company domain, with everything pointing to the that of the commissioned survey provider.
To me it sets off every damn alarm bell for a phishing attempt. Expecting customers to use it encourages unsafe practices.
@babe You suspect fowl play?
-
STOP. SENDING. SURVEYS. FROM. THIRD. PARTY. SERVICES.
It looks sus as ducks having something from randomsurvey.co.uk come through on behalf of YourCompany with every domain/link in the email having no obvious link to it. Rarely is there a single link to the company domain, with everything pointing to the that of the commissioned survey provider.
To me it sets off every damn alarm bell for a phishing attempt. Expecting customers to use it encourages unsafe practices.
FILL OUT THIS SURVEY FOR A FINANCIAL REWARD! is even worse. You're offering remuneration to customers for the watering down of their good security practices.
-
@babe You suspect fowl play?
@woe2you In this case no, but there's no way in hell I'm clicking any link in the email.
-
@woe2you In this case no, but there's no way in hell I'm clicking any link in the email.
@babe I've never heard "sus as ducks" before, but I always thought they looked a bit shifty.
-
FILL OUT THIS SURVEY FOR A FINANCIAL REWARD! is even worse. You're offering remuneration to customers for the watering down of their good security practices.
@babe Interesting timing here because I got one of these emails today that did in fact offer me a $100 discount on their store if I review a product I got a few months ago *and* was sent from an external email
-
STOP. SENDING. SURVEYS. FROM. THIRD. PARTY. SERVICES.
It looks sus as ducks having something from randomsurvey.co.uk come through on behalf of YourCompany with every domain/link in the email having no obvious link to it. Rarely is there a single link to the company domain, with everything pointing to the that of the commissioned survey provider.
To me it sets off every damn alarm bell for a phishing attempt. Expecting customers to use it encourages unsafe practices.
@babe Funny you posted this when I'm literally looking at the exact email you describe. I bought a new video card a couple of weeks ago and I am staring at an email from a third party saying they partnered with the store I bought it from and want me to review it. Looks totally sus. Could be legit, but if it is, then why didn't they just send me an email asking to review the product?
-
@babe Interesting timing here because I got one of these emails today that did in fact offer me a $100 discount on their store if I review a product I got a few months ago *and* was sent from an external email
@serebit It seems like a really common practice. I get a few every year from different companies and it's always the same thing - no link to the company they claim to be acting on behalf of.
One or two I've received *were* phishing attempts.
-
@babe Funny you posted this when I'm literally looking at the exact email you describe. I bought a new video card a couple of weeks ago and I am staring at an email from a third party saying they partnered with the store I bought it from and want me to review it. Looks totally sus. Could be legit, but if it is, then why didn't they just send me an email asking to review the product?
@littlemike And from an email you can recognise as belonging to the company!
-
FILL OUT THIS SURVEY FOR A FINANCIAL REWARD! is even worse. You're offering remuneration to customers for the watering down of their good security practices.
I get a few of these emails every year and occasionally investigate. A few of them WERE phishing attempts, sent to emails that had featured in major leaks.
The phishing emails and legitimate emails were indistinguishable. By using third party services on third party domains, you look like a scammer.
-
STOP. SENDING. SURVEYS. FROM. THIRD. PARTY. SERVICES.
It looks sus as ducks having something from randomsurvey.co.uk come through on behalf of YourCompany with every domain/link in the email having no obvious link to it. Rarely is there a single link to the company domain, with everything pointing to the that of the commissioned survey provider.
To me it sets off every damn alarm bell for a phishing attempt. Expecting customers to use it encourages unsafe practices.
@babe When I'm in a "good mood", I answer these surveys in the most negative way possible. In the comment field I write something like:
Loved your service/product all until you sent me this survey. That you need to beg for feedback like this shows me you completely lack any kind of confidence in what you provided me. I've taken notice and will look for alternatives as soon as possible.
-
STOP. SENDING. SURVEYS. FROM. THIRD. PARTY. SERVICES.
It looks sus as ducks having something from randomsurvey.co.uk come through on behalf of YourCompany with every domain/link in the email having no obvious link to it. Rarely is there a single link to the company domain, with everything pointing to the that of the commissioned survey provider.
To me it sets off every damn alarm bell for a phishing attempt. Expecting customers to use it encourages unsafe practices.
@babe Sadly it's no better within companies when communicating with employees. What 3rd party is HR using _this_ month without giving everyone a heads-up?
-
I get a few of these emails every year and occasionally investigate. A few of them WERE phishing attempts, sent to emails that had featured in major leaks.
The phishing emails and legitimate emails were indistinguishable. By using third party services on third party domains, you look like a scammer.
@babe Is the survey thing a UK thing because I don't recall a lot of those emails in the context of German/Austrian companies
It does sound super phishy tho *badumtss* -
@serebit It seems like a really common practice. I get a few every year from different companies and it's always the same thing - no link to the company they claim to be acting on behalf of.
One or two I've received *were* phishing attempts.
-
@littlemike And from an email you can recognise as belonging to the company!
@babe It's infuriating because it makes all my infosec instincts twitch.
-
@babe It's infuriating because it makes all my infosec instincts twitch.
@littlemike I am screaming internally every time
-
FILL OUT THIS SURVEY FOR A FINANCIAL REWARD! is even worse. You're offering remuneration to customers for the watering down of their good security practices.
@babe Seems like a good thing to be compensated for the time and effort to complete a survey. I usually decline the survey if there's no compensation.
-
STOP. SENDING. SURVEYS. FROM. THIRD. PARTY. SERVICES.
It looks sus as ducks having something from randomsurvey.co.uk come through on behalf of YourCompany with every domain/link in the email having no obvious link to it. Rarely is there a single link to the company domain, with everything pointing to the that of the commissioned survey provider.
To me it sets off every damn alarm bell for a phishing attempt. Expecting customers to use it encourages unsafe practices.
@babe@glitterkitten.co.uk Those really aggravate me.
It's one thing if someone on social media announces a survey via their normal social media channels, but emails coming out of nowhere? Yeah, that's bad.
And some of them being legitimate(to the extent this sort of thing can be legitimate)... yeah, worse. Just makes this sort of thing look plausible.
If I can't get to it via a normal login to the company/service website, it might as well not exist for me. -
@babe Seems like a good thing to be compensated for the time and effort to complete a survey. I usually decline the survey if there's no compensation.
@fathermcgruder@jorts.horse @babe@glitterkitten.co.uk The problem comes when it encourages people to click links to random websites without a clear connection to the entity the email claims to be running the survey.
When a financial reward is a plausible outcome of clicking a link in an email, it's going to be a lot easier to convince people to click on a phishing link.
That said, paid surveys are nice but no matter how plausible a given email seems, don't click anything. Reach out to their customer service to verify if you really want to, just don't click the link without checking(and don't trust the CS contacts in the email, go to their website) -
STOP. SENDING. SURVEYS. FROM. THIRD. PARTY. SERVICES.
It looks sus as ducks having something from randomsurvey.co.uk come through on behalf of YourCompany with every domain/link in the email having no obvious link to it. Rarely is there a single link to the company domain, with everything pointing to the that of the commissioned survey provider.
To me it sets off every damn alarm bell for a phishing attempt. Expecting customers to use it encourages unsafe practices.
@babe you wanna know who's really guilty of this? US Government Agencies. Like seriously c'mon guys!
-
R relay@relay.mycrowd.ca shared this topic
-
@littlemike I am screaming internally every time
@babe I totally agree. I didn't even bother clicking on the link to leave a review. Hell I didn't even go to the site manually and leave a review because I was so mad lol
