Capital One "Member Satisfaction Survey" Phish

There seem to be quite a lot of these doing the rounds at the moment:


They've not done a very good job with this Phish - they display an obviously fake URL, for one thing - but they do get some bonus points for attempting to lure the end-user in:

"You've been selected to take part in our quick and easy 9 questions survey.
In return we will credit $20 to your account - Just for your time!"

Sounds tempting, right?

Click the link, and you find the deal has suddenly sweetened - you're now being told the offer is for $90, not $20 - courtesy of an extremely slick looking phish page:

The red text on the right that says "Capital One will add $90 credit to your account just for taking part in our quick survey." is actually a scrolling ticker. Of course, the survey itself is just fluff - the meat of the scam is directly underneath:


As you can see, a spectacular grab for personal information. Name, address, mother's maiden name, phone number... the works. Directly below, they want your full card details, the number on the verification strip, your social security number and even your ATM PIN. Note how they keep up the pretense of this being a real webpage (asking you if you want to sign up for an "EMail Newsletter" in between the different sections).

The URL to avoid is

The site has been reported, and will hopefully be offline soon.


Even though the site has a fake URL, I can still see how even tech-savvy users could be fooled by the URL into thinking it's legit. Many companies such as Dell and Best Buy have customer satisfaction surveys, and these are often hosted on a 3rd party site that runs the survey. So, for instance some legitimate sites actually will have something like for the survey URL because the survey is being hosted on a 3rd party's web server and not the company's.

Also though, is there any significance or reason why the URL / site is on port 202? Is the main website at port 80 different or do they just have the web server running at port 202 for some odd reason? If there is different content at port 80 than 202 I would think this may be a compromised site or they're really trying to hide their tracks.
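As an added example, not part of the original post or the commenter's words: a small Python triage routine that turns the two cues raised above (the link not belonging to the brand's own domain, and a page served on a non-standard port such as 202) into checks run over constructed sample links. The allow-list of legitimate domains and the sample URLs are assumptions for the example.

```python
from urllib.parse import urlsplit

# Constructed allow-list: domains the brand genuinely uses (assumption for the example).
LEGIT_DOMAINS = {"capitalone.com"}


def triage_url(url, legit_domains=LEGIT_DOMAINS):
    """Return a list of reasons a 'survey' link deserves suspicion; empty list = nothing flagged."""
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()

    # 1. Does the host actually belong to the brand (the domain itself or a subdomain of it)?
    legit = any(host == d or host.endswith("." + d) for d in legit_domains)
    if not legit:
        reasons.append("host %r is not a brand domain" % host)
        # Brand name used in the path or a lookalike host to keep up the pretense.
        brand_tokens = {d.split(".")[0] for d in legit_domains}
        if any(tok in url.lower() for tok in brand_tokens):
            reasons.append("brand name appears in a link that is not on the brand's domain")

    # 2. Non-standard port: legitimate customer-facing pages sit on 80/443.
    try:
        port = parts.port          # None when no port is given; ValueError if not numeric
    except ValueError:
        port = None
        reasons.append("malformed port in URL")
    default = {"http": 80, "https": 443}.get(parts.scheme)
    if port is not None and port != default:
        reasons.append("non-standard port %d" % port)

    # 3. A bank asking for card data over plain HTTP is itself a warning sign.
    if parts.scheme != "https":
        reasons.append("not served over https")
    return reasons


# Constructed sample links, not the real phish URL from the post.
SAMPLE_LINKS = [
    "https://survey.capitalone.com/reward",
    "http://203.0.113.5:202/capitalone/survey/index.php",
    "http://capitalone.com.reward-survey.example:202/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", triage_url(link) or "nothing flagged")
```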

Dear Capital One Bank Customer,


You have been chosen by the Capital One Bank online department to take part in our quick
and easy 5 question survey.
In return we will credit $90 to your account - Just for your time!
Helping us better understand how our customers feel benefits everyone.

With the information collected we can decide to direct a number of changes to improve and
expand our online service.

We kindly ask you to spare two minutes of your time in taking part with this unique offer!

Confirm Now your $90 Reward Survey with Caital One Online Reward services.

2008 Capital One Services, Inc., N.A. Member FDIC

Thank you for your post.


About this Entry

This page contains a single entry by Christopher Boyd published on November 26, 2008 7:53 PM.
