PayPal 5 question survey is just another phishing technique

“PayPal will add $50 credit to your account just for taking part in our quick 5 question survey. Only one survey per card is allowed, if you own multiple cards you can run the survey again for each.”

This is the opening paragraph of a phishing site that tries to attract visitor to fill in the short survey with the promise of  receiving $50 on your PayPal account.

 

At the end of the survey you are ask to fill in your personal details including your credit card number, expiry date and card pin.

Some phishing sites don’t have any control features and accept any data that is submitted. When I tested their webform my credit card number didn’t match the required 16 digits and afterwards my card number appeared to be invalid. I’m not using real data of course.

So I went to the source code and I found a nice Javascript(s) that will verify your submitted data. When everything is submitted you’ll get a return screen.

As always, be carefull when receiving emails with URLs in that redirect you to sites that don’t fit the picture completely. In this case, the PayPal lay out of the webpage gives away that it is a phishing site and there is no secure https connection. Also, what’s more important, if PayPal was doing a survey you didn’t had to fill in your credit card details again.