The new iPhone 6 has gone on sale around the world, sparking long lines and campouts, and a whole lot of buzz. Unsurprisingly, internet scammers quickly took advantage of the frenzy to distribute their wares.
Immediately following the unveiling of the new iPhone 6 and iPhone 6 plus, scammers accordingly began circulating email and web scams attempting to capitalize on its popularity. The gambits however take many forms.
For instance, Hoax-Slayer uncovered a bogus Facebook competition offering the ability to “win a new iPhone 6 by carrying out three easy steps.” To get a chance to win, the site claims that users must first like the site's Facebook Page and then further promote the site by sharing a link with Facebook friends. They are then instructed to go to a second page on the site to download a ‘Participation Application.’ But, a pop-up window will direct users to a list of links that open third-party survey websites.
And here’s where the real malicious activity starts: many of these ask users to submit their mobile number, which, in turn, will subscribe them to a premium SMS service that charges several dollars every time the scammers send the victim a message.
Others collect names, addresses and phone details, which can be used for a variety of nuisance campaigns.
“Meanwhile, the scammer who created the fake promotion will earn a commission via a suspect affiliate marketing scheme each time you fill in a survey and provide your details,” Hoax-Slayer explained. “And, each time you return to the download page, the pop-up will inform you that the survey was not completed properly or there was a 'small error'. You will be urged to participate in yet another survey. But, no matter how many surveys you complete, you will still not get to download your 'application'.”
In one of the many other campaigns, spammers are using an iPhone 6 giveaway email to lure in potential victims; they are asked to follow instructions in the email to click on a link to, yet once again, a survey, but instead, an adware install will commence. Since Sept. 12, AppRiver researchers have seen nearly 1 million messages associated with this specific campaign.
“Adware is a form of software that is meant to generate revenue for its author by automatically displaying advertisements,” explained AppRiver researcher Troy Gill, in a blog. “Adware is not typically anything more than an annoyance but can often seriously infringe on users' privacy. This particular strain has a wide array of functionality and can make a victim’s web browsing experience fairly miserable.”
These types of scams, of course, also carry the possibility of malicious activity in the form of man-in-the-middle attacks, malware deployments and phishing.
“Though its presence is not secret, it is quite good at embedding itself into the victim’s system and can be quite difficult for the average user to remove,” Gill said. “Remember, advertisements promising you something for nothing are almost always too good to be true.”