Anatomy of a “free” gift – how online surveys can harm your digital health – Naked Security

Over the weekend, we received a short, sweet and simple note.

It arrived by email, but the crooks could easily – and for all we know, did – use the same content in an SMS or text message:

We weren’t tempted, not least because of the giveaway HTTP link – which was a fortunate blunder by the sender, because the redirector site they were using immediately transferred us to a more legitimate-looking HTTPS page, complete with security padlock.

(Remember: a web certificate and padlock doesn’t vouch for what’s actually on a web page – it’s called a TLS certificate, short for Transport Layer Security, because it protects the network traffic, even if the data ultimately served up is fake news, malware or a not-so-free gift..)

The other giveaway mistake by the senders of this email is that the amount is in dollars, yet we’re in the UK where a $100 McDonald’s voucher wouldn’t be redeemable.