Earlier today, SANS ISC reader Matthew reported one of his users stumbling over an odd "Click here to win your prize" page. We are still investigating the full contents, but it looks like several misspellings of wikipedia are used in this scam, in addition to many other domains. wikipeida-org, wikepedia-org, wictionary-org, wikpedia-com, wikispaces-cm are all domains with a typo that redirect visitors to a "you won a prize" page. The result currently looks like the screenshot below
Clicking through leads to another page, where to claim the prize lots of personal information must be entered. They even have a "Privacy Policy" of sorts in the fine print, and it even seems to be unexpectedly honest: (a) PERSONAL INFORMATION. We will share any and all personal information you submit to our Company with third parties who may have products or services you will find of interest. We will share your information without your additional consent. We may also use your personal information to verify your identity, to check your qualifications, or to follow up with transactions initiated on the Site. We may also use your contact information to inform you of any changes to the Site, or to send you additional information about us. If you give your permission during the account registration process, we may share your information with our business partners or other companies so that they may send you promotional materials. By giving your permission during the account registration process, you expressly consent to receive such promotional materials from us and/or our business partners or other companies via various media channels, which includes, but is not limited to, SMS messaging (standard carrier text messaging charges will apply).
|
Daniel 385 Posts ISC Handler Dec 12th 2011 |
Thread locked Subscribe |
Dec 12th 2011 1 decade ago |
Those IP addresses belong to OptInRealBig.com, aka Media Breakaway LLC, headed by Scott Richter - http://en.wikipedia.org/wiki/Scott_Richter
|
Conrad 15 Posts |
Quote |
Dec 12th 2011 1 decade ago |
Hi, we cover the same threats and include a video in our blog.
Happy holidays, http://community.websense.com/blogs/securitylabs/archive/2011/12/07/a-typosquat-hostname-list-for-xmas_2D00_.aspx |
Conrad 1 Posts |
Quote |
Dec 14th 2011 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!