There have been numerous free voucher scams over the last year and that's especially true around the Christmas and New Year period, a time when many consumers are looking to make cost savings. As just one example, Bullguard recently spotted a scam which sought to tempt users into downloading a fake free £500 Asda voucher.
The latest attack sees scammers target bargain hunters by pretending to offer free £250 vouchers for Asos, the popular ecommerce fashion store.
Malwarebytes analyst Christopher Boyd uncovered the scam this week and posted the details on the company blog. He said that the offer itself contains numerous inaccuracies, such as the voucher counter going into negative numbers, but added that it could be used to submit personal information to advertising networks or to force the user into downloading unwanted programs.
The analyst continued that personal information is likely to be passed on too.
“Creators of sites such as these want to make as much affiliate cash as possible, which they generate every time the survey network they use ends up with a completed survey or install,” Boyd told SCMagazineUK.com.
“They don't have any control as to where PII filled into surveys are sent, nor do they likely know who it ends up with because the offers displayed typically rely on geolocation to serve relevant content. Worse, the advertisers you submit the information to could well have terms and conditions which enable them to pass onto their partners down the line.”
An SC employee, Payal Padhair, whose friends shared the 'offer' on her facebook page, told SC, "The offer seemed too good to be true - offering £250 for liking the product and sharing it with others. But lots of people were sharing and liking it it on Facebook."
In response to this news, Asos said on Facebook that the offer was nothing to do with them.
“We are aware of some bogus sites that try to imitate comps (sic) that we run. We've passed this on to our legal team who are looking into this competition as we speak”.
Although this scam was discovered on a website, most scams of this kind want to get users to ‘Like' the offer on Facebook and various industry observers recently told SCMagazineUK.com that social media attacks will become increasingly commonplace in 2014.
“Facebook has done a lot to combat the spread of scams on its network, but it remains extremely popular with scammers who continue to create fake deals, rogue applications and encourage users to spam legitimate pages with messages about their offers with the hope of snagging yet more victims,” added Boyd.
“Online scammers are always on the lookout for new ways to trick people into clicking a link, downloading a file, or simply giving up their private information,” TrustedSec security consultant Larry Spohn told SCMagazineUK.com. “Now that everyone and their Grandmother is connected to the Internet, it's easier than ever to find new victims.”
“If you take a step back and try to think like an attacker, where would you target an attack to get the most bang for your buck? With over one billion users on Facebook and over half a billion users on Twitter, I think you would agree that social media would be a good place to start."