Octubre 15, 2015

The iPhone 6S £1 Facebook UK Scam

Nicholas Griffin Security Researcher

<p>Apple products are no strangers when it comes to the world of online scams, so it was no surprise recently when Raytheon | Websense&reg;&nbsp;Security Labs&trade; researchers discovered a new Facebook post being shared that was offering an iPhone 6S for only &pound;1. Of course, getting a brand new iPhone 6S for &pound;1 sounds too good to be true, and it was, so we decided to investigate and delve deeper into this particular scam.</p>

<p>Raytheon | Websense customers&nbsp;are protected against this threat via real-time&nbsp;analytics with ACE,&nbsp;the Websense&nbsp;<a href="http://www.websense.com/content/websense-advanced-classification-engine.... rel="nofollow" target="_blank">Advanced Classification Engine</a>, at the different&nbsp;<a href="http://www.websense.com/content/seven-stages-recon.aspx?cmpid=slbl" rel="nofollow" target="_blank">stages</a>&nbsp;of the attack detailed below:&nbsp;</p>

<li>Stage 2 (Lure) - ACE has protection against the fake news article used in this scam and the scam site itself.</li>
<li>Stage 3 (Redirect) - ACE has protection against the site used to redirect users to the eventual scam landing page.</li>

<h2>The Lure</h2>

<p>Targets of this scam will typically see a Facebook post that has been shared by their friends and other victims of the scam, such as the one below:</p>

<p><img alt="" src="/sites/default/files/blog/legacy/security-labs/4035.iphone_6s_scam_facebook2.png-550x0.png" style="height:425px; width:494px" /></p>

<p>Clicking on the post ends up redirecting to a fake news article on&nbsp;<em>igadgete[.]com</em>. The news article claims that a &quot;trusted distribution partner&quot; of Apple named &quot;FunkyClock&quot; is giving away iPhone 6S phones for &pound;1 as part of a new promotion. We have also seen a French-themed version of this scam at&nbsp;<em>latribune[.]igadgete[.]com</em>.</p>

<p><img alt="" src="/sites/default/files/blog/legacy/security-labs/0131.iphone_6s_scam.png-550x0.png" style="height:508px; width:549px" /></p>

<p>They even try to alleviate the reader&#39;s suspicions of a scam by acknowledging that the promotion seems &quot;too good to be true&quot; and providing a fake testimonial from a happy consumer. Obviously, this is all a complete lie and is set to entice a user into clicking on another link in the article, which ends up redirecting through a chain of affiliate links to another site,&nbsp;<em>funkyclock[.]com</em>.</p>

<p><img alt="" src="/sites/default/files/blog/legacy/security-labs/6318.iphone_6s_scam4_2.png-550x0.png" style="height:510px; width:549px" /></p>

<p>Most people would probably notice some discrepancies here and reading the terms and conditions reveals that<em>funkyclock[.]com</em>&nbsp;has a subscription model for accessing trivia games and prize draws.</p>

<p><img alt="" src="/sites/default/files/blog/legacy/security-labs/7115.iphone_6s_scam5.png-550x0.png" style="height:111px; width:313px" /></p>

<p>If&nbsp;users enter their card details into this website, they will be charged a total of &pound;75 if they do not cancel the subscription before the 3-day &quot;trial period&quot; is over. It is highly likely that cancelling this subscription may be difficult or impossible, so the best thing to do is to stay away from sites like this and to never enter your card details.</p>

<h2>Traffic&nbsp;and Profits</h2>

<p>Funkyclock has steadily been receiving more traffic to its site in the last few months and is currently receiving over 7 million estimated visits per month according to SimilarWeb:</p>

<p><img alt="" src="/sites/default/files/blog/legacy/security-labs/0842.funkyclock_similarweb.png-550x0.png" style="height:363px; width:549px" /></p>

<p>If they are retaining approximately 30% of their traffic, then over 2 million users are potentially falling victim to this site. Even if only 1% of those users enter their card details and do not stop the subsequent subscription fee, that is a profit of over&nbsp;<strong>&pound;1.62million</strong>&nbsp;per month. For that amount, they could probably get away with giving away a few iPhones. And this doesn&#39;t even take into account the revenue they could be generating just from traffic to their site and affiliates.</p>


<p>Always be aware of an offer that seems too good to be true, because it almost certainly always is. If in doubt, Raytheon | Websense suggests the following:</p>

<p>&bull;&nbsp;Never enter your card details into websites that you do not know or trust.&bull;&nbsp;If something doesn&#39;t feel right, stop what you&#39;re doing and seek help.</p>

Acerca de Forcepoint

Forcepoint es la compañía líder en ciberseguridad de protección de datos y usuarios, encargada de proteger a las organizaciones a la vez que impulsa la transformación digital y el crecimiento. Nuestras soluciones se adaptan en tiempo real a la manera en que las personas interactúan con los datos, y proporcionan un acceso seguro a la vez que permiten que los empleados generen valor.