If you’ve got clumsy fingers like me, you probably occasionally type the wrong address for a website.
For instance, today I wanted to visit Twitter but I accidentally typed in twtter.com instead.
Clearly this site has no qualms about using a Twitteresque colour scheme, or the familiar silhouette of the Twitter bird (who apparently is officially named “Larry”).
The webpage says that I have been especially selected to answer an anonymous questionnaire, and asks a couple of fairly harmless questions – are you male or female? how often do you tweet?
Of course, if you weren’t watching closely you might think that this is a genuine Twitter questionnaire, and if you really think you might be in the running for a free iPhone 4 or an exotic holiday you may be all too keen to participate.
Oooh, look.. I could be a winner!
I decided that I’d like to try to win the Apple MacBook Pro and I was asked a question that probably even my Great Aunt Agatha could answer correctly – “can you watch videos on a MacBook Pro?”
And here’s the whole point of the exercise. The people behind these webpages want your mobile phone number. If you scroll down and read the small print at the bottom of the page, all is revealed.
Once the service has your mobile phone number it will begin to SMS you multiple choice questions. It will cost you £1.50 to receive each question, and a further £1.50 to answer. If you answer the most questions correctly (up to a maximum of 50 – which will have cost you a rather hefty £150) then you’ll be invited to take a tie-breaker.
Only if you’re judged to have given the best answer to the tie-breaker (presumably) will you win your prize.
Hmm.. not sounding so attractive now, is it?
And seeing as whoever is promoting this particular competition is raking in money by deliberately pretending to be Twitter by typosquatting their domain name, I personally would be less than keen to participate.
Whoever is behind this campaign is hoping that enough people will (like me) mistype Twitter’s URL and bring them lots of traffic.
Always remember to read the small print and have your wits about you when you’re offered something that seems too good to be true, and be careful who you give your mobile phone number to online.
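The trick above works because twtter.com is a single keystroke away from twitter.com. As an added example (not part of the original post), this Python script flags hostnames, for instance from proxy or DNS logs, that are exactly one typing slip from a protected domain; the protected list, the function names and every sample hostname other than twtter.com are constructed for illustration.

```python
# Added example: flag hostnames one typing slip away from a protected domain.
# PROTECTED and the sample hostnames below are constructed for illustration.
PROTECTED = ["twitter.com", "youtube.com"]

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute,
    or swap two adjacent characters, each costing 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent swap
        prev2, prev = prev, cur
    return prev[len(b)]

def slip_kind(typed: str, real: str) -> str:
    """Name the single slip that turns `real` into `typed` (distance 1 assumed)."""
    if len(typed) < len(real):
        return "omitted character"
    if len(typed) > len(real):
        return "extra character"
    if sorted(typed) == sorted(real):
        return "swapped adjacent characters"
    return "wrong character"

def normalise(host: str) -> str:
    """Lower-case, drop a trailing dot and a leading 'www.' label."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def check(host: str, protected=PROTECTED):
    """Return (protected_domain, slip) for a one-slip lookalike, else None."""
    name = normalise(host)
    if name in protected:
        return None  # the genuine domain itself
    for real in protected:
        if osa_distance(name, real) == 1:
            return real, slip_kind(name, real)
    return None

if __name__ == "__main__":
    for h in ["twtter.com", "www.twitter.com", "twitetr.com", "example.org"]:
        print(h, "->", check(h))
```

A hit only means the name is a plausible mistype of a protected domain; what the site behind it actually does still has to be checked separately.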
If you go to www.whois.net, you can look up the information for who is registered to this website. There's even a phone number listed and it shows it is in Colorado.
That whois info is a dead end. Brian Krebs (krebsonsecurity.com) wrote an article for the Washington Post a couple years back that showed how this works. http://voices.washingtonpost.com/securityfix/2008…
From the article:
Out of the 15,000 spam-advertised domains we examined, nearly half — 7,142 names — were registered through a Broomfield, Colo. company called Dynamic Dolphin. As I noted in my previous story, Dynamic Dolphin is the seventh most-popular registrar among spammers who provide patently false information in their public WHOIS records.
Dynamic Dolphin is owned by a company called CPA Empire, which in turn is owned by Media Breakaway LLC. The CEO of Media Breakaway is none other than Scott Richter, the once self-avowed "Spam King" who claims to have quit the business. Anti-spam groups also have recently implicated Media Breakaway in the alleged hijacking of more than 65,000 Internet addresses for use in sending e-mail and hosting commercial Web sites.
There is more good info in the article, but the basic gist is that the info is fake and you aren't going to find out who the real owner is.
The fact that they spell "getaway" as "Get Away" would also raise some red flags for me.
I would have thought Twitter would have bought the domain twtter.com and had it redirect to the correct site.
The same thing is being done at a mis-spelled version of youtube.com. This is the only scam that has ever reeled me in.
Interesting thought: what would happen if, through an act of malice, a mobile number was entered of a person who didn't know it was being entered? Perhaps somebody in a van cut you off, you get their mobile number and enter it into pages like this? Is this piggybacking malware in its infancy?
First SMS is a validation pin, so you would need the actual phone of a target to do this.
You tested this?
Of course. I have a number of, er…contacts, who I'd just love to sign up for this.