So I did consider flipping on the professional paranoia hat and having one of my guys take a look at the survey. Taking the available info; Female Friend, one initial likely to be J, on course 56732MM the two year part time Digital Security and Forensics MSc at Edinburgh Napier.
Moving on to a little bit of social engineering and a quick call to Professor Bill Buchanan who heads up the programme in Edinburgh, amazing what an academic will give up, especially if they think there is funding like he got from Guidance last year up for grabs. So armed now with the contact details of students involved in research on phishing, mapping it back into the available information gives us our mark. Now go to the survey and create a response that includes and email address and some comments, one of which points to a page within the users email domain. Being a good student "J" is not going to click on a link and may use software to probe it, when she does she will find that the link is clean. The homepage to the site however is not and that is where she is most likely to go, either click through from the clean link or just entering it in the address bar (human nature). It contains 5 different techniques to execute a drive by download. Done well at least one will work and we install a RAT.
With "J"s machine pwned we can now watch for a couple of days and ensure that she is legit. Knowing that she is it is OK to do the survey for real and leave an email address.
Of course there is no need to worry about the £25, with what she has on her laptop and a SQL injection attack on smart-survey.co.uk that got control of her account we can take that money whenever (being a good MSc student she has used a paid for service with DP standards rather than a free service).
NOTE: Beyond doing a little lightweight (less than 2 minutes) research to confirm that the course exists and that the survey was in line with the syllabus. None of the illegal activity above took place but it is exactly how it could be done, and done very quickly and cheaply. Whilst we should not be paralyzed by paranoia it is a good think that people on this thread have asked the questions they have.