A contact of mine just fell victim to a spammer’s email address harvester that hides behind a free iPad scam.
The premise of the scam is this – you get sent an iPad review unit for 2 months, after which you are free to keep it. All you have to do is sign up and … give them access to one or more of your email address books or social network accounts so they can “invite” your contacts too.
If you do allow the spammers access to your contact list they send an email like this to each of your contacts:
Hello (your contact),
Your contact (your name) invites you to participate in an iPad review program.
Marketing research companies are looking for individuals who are interested in reviewing the new Apple iPad. The testing period lasts one month, after which reviewers can keep the device as a reward.
To see more details or to register to our program, follow the link below:
The Beta Testing Inc Group
By spoofing your email address when they send to your contacts the spammer hopes to avoid suspicion, raise the level of trust, and convert more victims.
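The sender spoofing described above is exactly the kind of signal a mail filter can score on: the visible From header carries a contact's domain while the envelope sender and the link in the body point somewhere else. The following is an added example, not code from the original post; the invite text, addresses and Return-Path value are constructed placeholders, and the lure-term list is an assumption chosen to match the wording of the invite quoted above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of the kind of invite described in the post. Every address,
# the Return-Path and the link are placeholders, not values from any real message.
SAMPLE_INVITE = """From: "Alice" <alice@example.com>
To: bob@example.org
Return-Path: <bounce-1234@mailer.example.net>
Subject: Alice invites you to the iPad review program
Content-Type: text/plain; charset=us-ascii

Hello Bob,
Your contact Alice invites you to participate in an iPad review program.
To see more details or to register to our program, follow the link below:
http://betaincgroup.com/invite?ref=abc123
The Beta Testing Inc Group
"""

# Constructed benign message: From, Return-Path and link all sit on one domain.
LEGIT_NOTICE = """From: "IT Helpdesk" <helpdesk@example.com>
To: bob@example.com
Return-Path: <helpdesk@example.com>
Subject: Maintenance window on Saturday
Content-Type: text/plain; charset=us-ascii

The mail servers will be restarted on Saturday at 02:00.
Details: https://intranet.example.com/maintenance
"""

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)

# Assumed lure vocabulary, taken from the wording of the quoted invite.
LURE_TERMS = ("ipad", "review program", "keep the device")


def domain_of(addr_header):
    """Return the lower-cased domain part of an address header value."""
    return parseaddr(addr_header)[1].rpartition("@")[2].lower()


def link_domains(body):
    """Collect the distinct host names of every http(s) URL in the body."""
    return sorted({m.group(1).lower() for m in URL_RE.finditer(body)})


def same_org(domain, base):
    """True when domain is base or a subdomain of base."""
    return domain == base or domain.endswith("." + base)


def analyse_invite(raw):
    """Score a raw RFC 822 message on three cheap spoofing/lure signals."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From", ""))
    ret_dom = domain_of(msg.get("Return-Path", ""))
    body = ""
    if not msg.is_multipart():
        body = msg.get_payload(decode=True).decode("utf-8", "replace")

    # Signal 1: envelope sender domain differs from the displayed From domain.
    sender_mismatch = bool(from_dom and ret_dom and from_dom != ret_dom)
    # Signal 2: links in the body lead off the From domain entirely.
    links = link_domains(body)
    off_domain_links = [d for d in links if not same_org(d, from_dom)]
    # Signal 3: body uses the giveaway lure vocabulary.
    lowered = body.lower()
    lure_hits = [t for t in LURE_TERMS if t in lowered]

    score = int(sender_mismatch) + int(bool(off_domain_links)) + int(bool(lure_hits))
    return {
        "from_domain": from_dom,
        "return_path_domain": ret_dom,
        "sender_mismatch": sender_mismatch,
        "link_domains": links,
        "off_domain_links": off_domain_links,
        "lure_hits": lure_hits,
        "score": score,
        "suspicious": score >= 2,
    }


if __name__ == "__main__":
    for name, raw in (("invite", SAMPLE_INVITE), ("notice", LEGIT_NOTICE)):
        print(name, analyse_invite(raw))
```

The check is a heuristic, not proof: Return-Path is written by the receiving MTA and the From header is trivially forgeable, so this kind of scoring complements, rather than replaces, SPF and DMARC evaluation at the mail gateway. Its value here is that it flags the exact pattern the post describes (a friend's domain in From, a third-party bounce address, and a link to an unrelated domain) before a recipient ever sees the "free iPad" call to action.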
The Beta Testing Inc Website
I’ll do my best to avoid any active hyperlinks to the site, but the URL in the invite email I received was betaincgroup.com, which forwarded me to betatestinginc.com.
The website is quite polished looking and gives a good first impression with a slick design that doesn’t immediately scream “scam!” at you like some sites do.
There is enough content and links on the site to look well established, but what they’re really hoping is that you will see the iPad offer and rush to take it up.
The Email Address Harvest
The spammer cleverly seeks to harvest email addresses by tricking you into giving them up willingly. First you’re asked for your email address (they’ve already harvested one of them when your friend invited you, and they’re hoping you’ll submit a different one during signup, netting them two active addresses).
In step 2 you’re asked to give them access to your email or social networks so that your friends can also be invited. A long list of webmail providers is available, as well as LinkedIn and Youtube.
Next you can complete your “registration”. It’s worth pointing out that this step can be done without either step 1 or 2 actually being completed. They haven’t bothered coding in any logic to require you to complete the first two steps, and I’ll show you why.
The “Complete Registration” button points to a .php file on the local domain, which is a redirect to a new website. The new website is a simple mobile phone continuity scam disguised as a quiz. Whether you completed step 1 and 2 or didn’t, they want iPad-hungry suckers to land on this website and fall for the next scam. This is the spammer’s second bite of the cherry.
This iPad giveaway masks your standard mobile phone subscription service scam. I use the term “scam” quite willingly despite the following terms and conditions (which victims never read, and that’s what they’re banking on).
“Subscription service: 2 msgs/wk $5/msg + $5 to join”
“This service operates according to the Australian code of conduct for SMS services.”
“Subscription: $5 once off joining fee + $10/wk to download mobile content”
No doubt this redirect is geo-located to send each potential victim to an offer in their own country.
Signs of the Scam
Despite the obvious signs I’ve already demonstrated, there are plenty of other signals that should tell people this is all an elaborate scam if they were to look closely. The website cleverly distracts from most of its written content with imagery and a strong call to action, but on closer inspection the telltale signs are there.
Exhibit A: They say a phone number is required for the confirmation process, but the signup form doesn’t ask for one.
Exhibit B: Numerous typos and grammatical errors (above and below).
Exhibit C: Efforts to get you spamming as many of your friends as possible.
Exhibit D: Non-functioning links in the footer. Amusingly, the Contact link in the footer doesn’t work but the one in the top nav menu does, and offers a standard contact form that is yet another way they can harvest your email address.
Exhibit E: A non-functioning link to a Twitter profile, and my favourite of all, the “no spam” phone number.
Who is Behind It?
Naturally the spammers are hiding behind private WHOIS details and domain names registered in the Bahamas.
The mobile subscription service I was redirected to had a different WHOIS record and was registered in Amsterdam. They seem to be a generic “mobile entertainment” business operating out of multiple countries, and the iPad spammer appears to be an affiliate of that mobile company rather than part of it.
Whether that service is legal in the countries it operates in is irrelevant to me; I still consider it a scam and anyone who signs up to it to be a victim.
From the Spammer’s Point of View
This is probably a decent earner for them. As long as some of the invites slip past spam filters and trick a few people into opening their email contacts the spammer gets:
- Usernames and passwords to email and social network accounts
- Valid email addresses for future spam
- At least 1 and sometimes 2 email addresses from the first victim
- All of the email addresses that the person has in their email or social network account
- Some affiliate commissions from the mobile subscription services they are redirecting victims to
And because of the invite system being used, after an initial push the scam could simply go viral and spread itself without any further effort.
Too Good to be True…
The old saying applies here. Really, 5000 free iPads? Sounds too good to be true doesn’t it?
Spammers are basically malicious marketers, and like any marketer they will seek to exploit trends. Valentine’s Day, Christmas, new US presidents, natural disasters, and yes, even new Apple products: these are all instant triggers for spam campaigns that try to take advantage of whatever is most relevant to people at the time.
A final note: if you did fall for this scam, I strongly recommend you change your passwords now.