You won 100$ or a free iPad!

You won 100$ or a free iPad!
Earlier today, SANS ISC reader Matthew reported one of his users stumbling over an odd "Click here to win your prize" page. We are still investigating the full contents, but it looks like several misspellings of wikipedia are used in this scam, in addition to many other domains. wikipeida-org, wikepedia-org, wictionary-org, wikpedia-com, wikispaces-cm are all domains with a typo that redirect visitors to a "you won a prize" page. The result currently looks like the screenshot below Clicking through leads to another page, where to claim the prize lots of personal information must be entered. They even have a "Privacy Policy" of sorts in the fine print, and it even seems to be unexpectedly honest: (a) PERSONAL INFORMATION. We will share any and all personal information you submit to our Company with third parties who may have products or services you will find of interest. We will share your information without your additional consent. We may also use your personal information to verify your identity, to check your qualifications, or to follow up with transactions initiated on the Site. We may also use your contact information to inform you of any changes to the Site, or to send you additional information about us. If you give your permission during the account registration process, we may share your information with our business partners or other companies so that they may send you promotional materials. By giving your permission during the account registration process, you expressly consent to receive such promotional materials from us and/or our business partners or other companies via various media channels, which includes, but is not limited to, SMS messaging (standard carrier text messaging charges will apply). Be careful what you wish for .. this free iPad comes with plenty strings attached!	Daniel 367 Posts ISC Handler
Subscribe	Dec 12th 2011 8 years ago
Those IP addresses belong to OptInRealBig.com, aka Media Breakaway LLC, headed by Scott Richter - http://en.wikipedia.org/wiki/Scott_Richter	Conrad 15 Posts
Quote	Dec 12th 2011 8 years ago
Hi, we cover the same threats and include a video in our blog. Happy holidays, http://community.websense.com/blogs/securitylabs/archive/2011/12/07/a-typosquat-hostname-list-for-xmas_2D00_.aspx	Conrad 1 Posts
Quote	Dec 14th 2011 8 years ago

Earlier today, SANS ISC reader Matthew reported one of his users stumbling over an odd "Click here to win your prize" page. We are still investigating the full contents, but it looks like several misspellings of wikipedia are used in this scam, in addition to many other domains.

wikipeida-org, wikepedia-org, wictionary-org, wikpedia-com, wikispaces-cm are all domains with a typo that redirect visitors to a "you won a prize" page. The result currently looks like the screenshot below

Clicking through leads to another page, where to claim the prize lots of personal information must be entered. They even have a "Privacy Policy" of sorts in the fine print, and it even seems to be unexpectedly honest:

(a) PERSONAL INFORMATION. We will share any and all personal information you submit to our Company with third parties who may have products or services you will find of interest. We will share your information without your additional consent. We may also use your personal information to verify your identity, to check your qualifications, or to follow up with transactions initiated on the Site. We may also use your contact information to inform you of any changes to the Site, or to send you additional information about us. If you give your permission during the account registration process, we may share your information with our business partners or other companies so that they may send you promotional materials. By giving your permission during the account registration process, you expressly consent to receive such promotional materials from us and/or our business partners or other companies via various media channels, which includes, but is not limited to, SMS messaging (standard carrier text messaging charges will apply).

Be careful what you wish for .. this free iPad comes with plenty strings attached!

Daniel

367 Posts
ISC Handler

Those IP addresses belong to OptInRealBig.com, aka Media Breakaway LLC, headed by Scott Richter - http://en.wikipedia.org/wiki/Scott_Richter

Conrad

15 Posts

Hi, we cover the same threats and include a video in our blog.

Happy holidays,

http://community.websense.com/blogs/securitylabs/archive/2011/12/07/a-typosquat-hostname-list-for-xmas_2D00_.aspx

Conrad
1 Posts