One of Europe’s most famous electronic goods retailers launched its first online shop just recently, on 16 January 2012. Cyber criminals take this opportunity to spread messages with fake gift card announcements as bait via Facebook!
The messages spreading try to convince you to visit a website such as mm-gutscheine.info or similar.
This particular domain was registered on Monday, 23 January 2012 by Ralph Berger and his company EnergizeYourWeb AG from Panama and is currently hosted in Turkey, like many other similar shady sites on this server. The company normally offers the provision of (competition) subscription services for cell phone owners. He seems to be a very generous person, to give away so many valuable gift cards for a German online shop. Well… later on we’ll explain how he actually earns the money. But let’s have a look at the website first:
As far as the site suggested in the Facebook comment form Wednesday afternoon, more than 8,500 people already participated in this fake gift card offer on mm-gutscheine.info alone. This counter actually should make the whole campaign look more credible.
BUT: We actually wonder about this high number, because even if this ad was for real, which it certainly is not, the website states that only “the first 5,000 Facebook users receive a gift card for free” and still, the website visitor’s follow the instructions on how to allegedly “win” the gift card.
RESULT: The fraudsters behind this campaign seem to have realized that this high number is inappropriate for their business and by the late afternoon, the counter was down to a number around 700 again. They simply create a new Facebook comment form with a brand new counter and the procedure starts all over again.
What’s behind it?
The websites we analyzed currently did not host malware, but each and every launch of the website generates money for the fraudsters, because they integrated ads into the website via IFrame, like the one you can see on the screenshot, offering electronic devices – which perfectly suits the electronic goods retailer environment. The ads are served by ad.yieldads.com and are not limited to electronic device offers.
Furthermore, the user is forwarded to another site, with the real URL hidden behind a bit.ly short link.
In our case, we were sent to a dating server with young ladies offering themselves as potential dating partners in our area. Use a proxy service to simulate your computer into another location and those exact same ladies will come from another area. Who would have guessed?!
So, this is where the money comes from, which Ralph Berger & co. are promising to give away to Facebook users *wink*
Is it for real?
No! This promotion is not an official promotion initialized by the electronic goods reseller. No participant will receive any money or gift card. The company itself already posted a message on their own Facebook wall to warn users not to participate:
There are several other website offering this particular 50€ gift card or even higher amounts in connection with shady competitions similar to the ones have seen before, e.g. in the Lady Gaga case we reported about.
Don’t forget: “Stinginess is cool” doesn’t work out all the time!
What users can do to be protected: