A 50€ gift card for free?! “Hey, I’m no fool!“

01/26/2012
G DATA Blog

One of Europe’s most famous electronic goods retailers launched its first online shop just recently, on 16 January 2012. Cyber criminals take this opportunity to spread messages with fake gift card announcements as bait via Facebook!

The messages spreading try to convince you to visit a website such as mm-gutscheine.info or similar.

This particular domain was registered on Monday, 23 January 2012 by Ralph Berger and his company EnergizeYourWeb AG from Panama and is currently hosted in Turkey, like many other similar shady sites on this server. The company normally offers the provision of (competition) subscription services for cell phone owners. He seems to be a very generous person, to give away so many valuable gift cards for a German online shop. Well… later on we’ll explain how he actually earns the money. But let’s have a look at the website first:
Screenshot of the website offering fake gift cards

As far as the site suggested in the Facebook comment form Wednesday afternoon, more than 8,500 people already participated in this fake gift card offer on mm-gutscheine.info alone. This counter actually should make the whole campaign look more credible.
BUT: We actually wonder about this high number, because even if this ad was for real, which it certainly is not, the website states that only “the first 5,000 Facebook users receive a gift card for free” and still, the website visitor’s follow the instructions on how to allegedly “win” the gift card.
RESULT: The fraudsters behind this campaign seem to have realized that this high number is inappropriate for their business and by the late afternoon, the counter was down to a number around 700 again. They simply create a new Facebook comment form with a brand new counter and the procedure starts all over again.


What’s behind it?

The websites we analyzed currently did not host malware, but each and every launch of the website generates money for the fraudsters, because they integrated ads into the website via IFrame, like the one you can see on the screenshot, offering electronic devices – which perfectly suits the electronic goods retailer environment. The ads are served by ad.yieldads.com and are not limited to electronic device offers.
Furthermore, the user is forwarded to another site, with the real URL hidden behind a bit.ly short link.
Screenshot of the HTML code that redirects users to another website 

In our case, we were sent to a dating server with young ladies offering themselves as potential dating partners in our area. Use a proxy service to simulate your computer into another location and those exact same ladies will come from another area. Who would have guessed?!

So, this is where the money comes from, which Ralph Berger & co. are promising to give away to Facebook users *wink*


Is it for real?
No! This promotion is not an official promotion initialized by the electronic goods reseller. No participant will receive any money or gift card. The company itself already posted a message on their own Facebook wall to warn users not to participate:


There are several other website offering this particular 50€ gift card or even higher amounts in connection with shady competitions similar to the ones have seen before, e.g. in the Lady Gaga case we reported about.

Don’t forget: “Stinginess is cool” doesn’t work out all the time!


What users can do to be protected:

  • Use an up-to-date, comprehensive security solution with a virus scanner, firewall, http scan and real-time protection. A spam filter, to get rid of unwanted spam, is a must-have, too.
  • Do not click on links or download files if you received a message from a foreigner. The websites and files might harm your PC. Even if the message comes from a friend, but looks different from usual messages, you better ask him and reassure yourself that he willingly sent you this message. The domains used for this kind of scam try to lure users with a combination of key words related to the dominant topic, in this case the electronic goods retailer and free gift cards, to look more credible.
  • Do not surf the Internet while you are logged in to services like social networks simultaneously in the same browser. Fraudsters can manipulate your browser session and use your social network account to spread unwanted messages, etc.
  • Always log-out after your visit in social networks. Especially if the computer you are using is used by several other people or is a public machine, e.g. in universities, internet cafés, etc.

  • If you have fallen victim to this scam and shared the link on your Facebook wall, delete it as soon as possible! Otherwise, your friends might be tempted to click it and therefore share it as well.