You won 100$ or a free iPad!
Earlier today, SANS ISC reader Matthew reported one of his users stumbling over an odd "Click here to win your prize" page. We are still investigating the full contents, but it looks like several misspellings of wikipedia are used in this scam, in addition to many other domains.
wikipeida-org, wikepedia-org, wictionary-org, wikpedia-com, wikispaces-cm are all domains with a typo that redirect visitors to a "you won a prize" page. The result currently looks like the screenshot below
Clicking through leads to another page, where to claim the prize lots of personal information must be entered. They even have a "Privacy Policy" of sorts in the fine print, and it even seems to be unexpectedly honest:
(a) PERSONAL INFORMATION. We will share any and all personal information you submit to our Company with third parties who may have products or services you will find of interest. We will share your information without your additional consent. We may also use your personal information to verify your identity, to check your qualifications, or to follow up with transactions initiated on the Site. We may also use your contact information to inform you of any changes to the Site, or to send you additional information about us. If you give your permission during the account registration process, we may share your information with our business partners or other companies so that they may send you promotional materials. By giving your permission during the account registration process, you expressly consent to receive such promotional materials from us and/or our business partners or other companies via various media channels, which includes, but is not limited to, SMS messaging (standard carrier text messaging charges will apply).
Be careful what you wish for .. this free iPad comes with plenty strings attached!
Update: Other prominent typo domains affected include youtrube-com, youotube-com, youzube-com. RUS-CERT's passive DNS has a long list of domains pointing to the same IP: http://www.bfk.de/bfk_dnslogger.html?query=69.6.27.100#result
Comments
Conrad Longmore
Dec 12th 2011
1 decade ago
Happy holidays,
http://community.websense.com/blogs/securitylabs/archive/2011/12/07/a-typosquat-hostname-list-for-xmas_2D00_.aspx
Elad
Dec 14th 2011
1 decade ago