Will You Put Your Password in a Survey?

Published: 2020-03-05
Last Updated: 2020-03-05 06:40:00 UTC
by Xavier Mertens (Version: 1)

Thanks to one of our readers who submitted this interesting piece of phishing. Personally, I was not aware of this technique, which is an interesting way to bypass common anti-spam filters and reputation systems. The idea is to create a fake survey on a well-known online service.

In this case, the attacker used surveygizmo.com[1], a service that lets you build online surveys and feedback forms. Most of these websites are paid services but offer free trials, which is enough to build a phishing campaign.

The generated link is sent to the victim as usual with some social engineering. Here is an example of the link:

hxxps://www[.]surveygizmo[.]com/s3/5485786/Invoice-4982550

The landing page looks like this:

(Note the typo "your o email")

And, once you provided your credentials, the survey immediately ends with this screen:

The attacker just needs to log in to his account to access the data submitted by victims… You don't need to deploy or hack a server to host the phishing page, you just use the free resources provided by a cloud service. Pretty clever… And, if you're ready to pay a small fee, you can even build self-branded surveys to increase the chances of luring victims.
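Because the link points at a legitimate, well-reputed domain, reputation lookups alone will not catch this. The following is an added example (not part of the diary, and not code from SurveyGizmo) of a small mail-triage check that flags links to hosted-form services whose path carries an invoice-style lure. The set of form hosts and the list of lure words are assumptions to be tuned against your own telemetry (the second host entry is a placeholder, not a real domain); the defanged URL in the constructed sample message is the one quoted in the diary.

```python
import re
from urllib.parse import urlparse

# Hosted-form/survey services that can be misused as a ready-made phishing page.
# surveygizmo.com is the service named in the diary; "hosted-forms.example" is a
# placeholder showing where further services from your own telemetry would go.
FORM_HOSTS = {"surveygizmo.com", "hosted-forms.example"}

# Path words that suggest a lure rather than a genuine survey (assumed list).
LURE_WORDS = re.compile(r"invoice|payment|password|verify|account|secure", re.IGNORECASE)

# Matches live and defanged (hxxp, [.]) URLs as they appear in mail bodies and reports.
URL_RE = re.compile(r'\bh(?:xx|tt)ps?://[^\s<>"]+', re.IGNORECASE)


def refang(url: str) -> str:
    """Turn a defanged URL (hxxps://www[.]host) back into a parseable one."""
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    return url.replace("[.]", ".").replace("[:]", ":")


def registered_domain(host: str) -> str:
    """Crude eTLD+1 (last two labels); sufficient for a fixed watch list like FORM_HOSTS."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_url(url: str) -> dict:
    """Score one URL: hosted-form service plus lure words in the path = likely phishing."""
    parsed = urlparse(refang(url))
    domain = registered_domain(parsed.hostname or "")
    on_form_host = domain in FORM_HOSTS
    lure_hit = bool(LURE_WORDS.search(parsed.path))
    if on_form_host and lure_hit:
        verdict = "likely-phishing"
    elif on_form_host:
        verdict = "review"  # genuine surveys live on these hosts too; do not block blindly
    else:
        verdict = "ok"
    return {"url": url, "domain": domain, "form_host": on_form_host,
            "lure_words": lure_hit, "verdict": verdict}


def scan_message(body: str) -> list:
    """Extract every URL from a message body and classify each one."""
    return [classify_url(u.rstrip(".,)")) for u in URL_RE.findall(body)]


# Constructed sample message: the first link is the defanged URL from the diary,
# the second is a made-up, benign survey on the same service.
SAMPLE_MAIL = """\
Please check the outstanding invoice before Friday:
hxxps://www[.]surveygizmo[.]com/s3/5485786/Invoice-4982550

Unrelated: our quarterly feedback form is at
https://www.surveygizmo.com/s3/1234567/Customer-Feedback
"""

if __name__ == "__main__":
    for finding in scan_message(SAMPLE_MAIL):
        print(f"{finding['verdict']:16} {finding['url']}")
```

The "review" verdict matters: blocking every link to a survey provider would break legitimate use, so the check only escalates when the hosted-form domain is combined with a lure word in the path, and leaves the rest for a human or a downstream rule.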

[1] https://www.surveygizmo.com/

Xavier Mertens (@xme)
Senior ISC Handler - Freelance Cyber Security Consultant
PGP Key
