Spam and Fraudulent Verification Survey Scam

Phishing bait:   A "spam and fraudulent verification survey" sent to GMail and Google+ users threatens account termination.

SCAM

Example:   [Collected via Facebook, December 2014]

Dear [Recipient],

Sorry you are seeing this.
We are doing a spam and fraudulent verification survey.

Please its very important you participate in this survey to help us serve you better.

[Image link: Click here to help you perform this verification survey.]

The achievement of this survey is to track and shut down fraudulent user and phising domain to help improve and make your mailing system better.

Please If a verification response is not gotten from you in the next 24 hours, we will assume you are a fraulent user and shut down your mail account, till after proper verification recovery before you can access you mail account again.

Thanks.

All Domain 2014 Team. Powered by Google+

Origins:   In 2014 the threatening message reproduced above (which closely resembled earlier phishing attempts) was spammed to many Internet users, directed at GMail and Google+ users.

According to the e-mail, users of either service (or both) were required to complete a "spam and fraudulent verification survey" in order to prevent

account deactivation or termination. The message stated recipients were obligated to reply within 24 hours or face suspension from Google services.

There were a number of clues this GMail phishing attempt was not on the level. The structure of the message was sloppy, and its syntax deviated from standard English (e.g., constructs such as "the achievement of this survey is ..." or

"spam and fraudulent verification survey"). Another aspect involved the breadth of the e-mail's stated consequence for noncompliance: Generally even minor changes to Google's GMail service are moderately newsworthy in technology publications, and suspension or deletion of a large number of accounts would result in widespread complaints and news coverage.

Users who clicked on the fraudulent GMail or Google+ spam and fraudulent verification survey e-mail were redirected to a page mimicking genuine Google product pages, where they were prompted to enter details such as passwords and phone numbers to "verify" their accounts. The details provided by victims of the scam in part enabled its perpetrators to log in to their Google accounts and utilize them for potentially fraudulent purposes. When the phishing process was complete, the scam redirected users to their own GMail inboxes (for which access would never have been suspended in the first place).

Generally, when Google requires verification for its purposes, users are automatically redirected to a page established for that purpose upon login and not (to our knowledge) notified via e-mail. When suspicious messages like the one above are received, it's best to avoid clicking the links included within them to prevent unauthorized scripts from running on your browser or redirecting you to sites that may include malware.

Last updated:   28 December 2014