Phishing for Feedback?

According to the e-mail I received this morning HSBC have a customer survey they would like me to take.

For starters here's a screenshot of the e-mail I received:



I'm always willing to give feedback to companies I use, but I am not an HSBC customer, so let us see where we go when the link is clicked?



Looks like a normal survey so far, apart from the dodgy website address [IP dotted]. So let me fake some data and click on the submit button, here goes:



Ah, now I smell something very phishy indeed [even if I didn't before ;-)]. They want some account details; Ker-ching!

Oh, yes and there is no prize money, so don't expect to win, just like the fake lottery notifications that you get, it is just a scam.

Each phishing e-mail I receive is checked; all links are tested against the Netcraft toolbar, and any new ones, that the Netcraft toolbar doesn't yet know about are submitted for inclusion in their database. Nothing too unusual there. However, once in a while I spot something that makes a new phish stand out from the crowd, such as this one.

At the time I tested these links to the bogus [phishy] HSBC survey site it was not detected by the Netcraft toolbar, or even the Firefox anti-phishing functions which are now built into the browser. As I finish up writing this post Netcraft should now have it in their database as I sent them the details.

Just be careful when acting on requests for participating in surveys for companies you use, as they may be phishy and you may get more than you bargained for. In those phishy cases it is likely that your personal data will be stolen and used to make fraudulent transactions on your account.