Help Net Security 21 November 2011
A Starbucks-themed scam has been spotted targeting users of both Facebook and Twitter users and it does so not via messages sent from compromised accounts, but through spam emails.
The emails tout Starbucks cards for free coffee and provide a link. When the victim follows it, he is faced with the following page (or the “Facebook” equivalent – “Share” instead of “Tweet”):
Once the user has done what was asked of him, he is able to click on the “Claim My Gift” button. Now he is faced with the option of trying one of three mobile apps. Whichever app he selects, he is taken to a survey scam site which, according to Trend Microresearchers, has been used heavily in past attacks.
To download the app, the user must first enter his mobile number and select his carrier (resulting in him subscribing to unwanted services) and complete a survey (money goes directly into the scammers’ pockets).
Needless to say, the free $100 Starbucks gift card is not delivered to the duped user.