“You-Just-Won” Gift Card Scam Continues to Proliferate the Web
The entry page template typically contains numerous dynamic elements. For starters, it uses geo-location analysis to detect a user’s IP address, helping to localize the gift card scam to make it seem more personal and believable. It also displays a countdown timer that serves to rush a user towards the claiming of the prize. On some of the page variations, a voice-over states the following:
“Congratulations! You are today’s winner. Please claim your prize in the next two minutes by entering your email address on the next page.”
In this example, the scam initially offers a $1000 prize. Clicking on any of displayed gift card offers diverts users to a subsequent web page in which the prize is dwindled down to a mere $50, all in exchange for a user’s email address and other personal information. zveloLABS™ researchers warn that this is a common, tell-tale characteristic of most Phishing sites. Scammers harvest such email addresses to continue growing their spam email target lists.
The last page in the process is branded as “iWinners Advantage,” and claims to be operating under “Compass Direct Marketing, LLC.” This organization has repeatedly been reported as the lead entity behind numerous online scams and rip-offs ranging in severity from unauthorized, one-time credit card transactions to the complete depletion of funds within personal bank accounts.
Google searches for the exact string, “Please select a prize, enter your email address and fill out your shipping information,” or for “Compass Direct Marketing” reveals hundreds, if not thousands, of these types of websites. The unfortunate reality is that these types of URL’s are typically not reported as web security risks by popular Web Reputation services, potentially exposing users to a world of hurt. zvelo’s website categorization and malicious website detection technologies effectively classify these websites as “phishing/fraud,” as they rightfully should be.