We’re seeing what appears to be a familiar scam on the verge of a comeback.
As you can see, we first encountered the spammed link on LinkedIn, thanks to a user named Kolko Kolko, who according to his profile is a coach and has the face of an A-list celebrity.
Doing a quick online search using the Goo.gl shortened URL brings up other domains—Google Plus, LiveJournal, and Picasa, specifically—where the link is also being posted and shared.
Once users click the link, they are directed to a survey scam page. Below is an example:
The above page is a type of survey that gives users the option to skip. Doing so, however, opens additional layers of survey pages that also need skipping, until users reach a page they cannot escape, such as this:
Note that the surveys vary depending on the user’s location. Below are the possible pages one may encounter when he/she is located in, say, Australia:
Should you encounter any posts from random users on sites you frequent with regard to claiming an iPhone 6, don’t click the link. Instead, warn friends and contacts on that site to avoid falling for it, too.
Jovi Umawing
Yeah, these are tame ones… A few weeks ago we had one that got 12 of my friends. I turn my tagging off but the new ones use comments of your Facebook to click it. They take you to a fake Facebook sign-in page to gain your credentials. I have to use a virtual machine to check out the links securely to ensure I don’t get hit with XSS or the like. I like to check these links out and find out their payload.
Hello, Brandon 🙂 Thanks for the information!
What happens if you click the link, and then just close the page once all the surveys start popping up? Anything?
Shadowfax71957, as far as my testing went, there was no visible threat once the user closes the window just as the survey page starts to pop up.
Hope this helps! 🙂