Increasing reports on malvertising has left us with the notion that any site belonging to legitimate businesses that earn through ads may be potentially harmful.

Although encountering exploits by means of ads pose a truly serious threat to anyone’s computing device, especially if they’re not religiously patched, one of our recent hunts for in-the-wild threats remind us that malware isn’t the only reason why users need to be wary of ads on sites. Some of them lead to fraud sites, too.

Case in point:

finance-reports-wmclick to enlarge

Text snippet:

Single Mom Makes $98,844/Yr in Her Spare Time on The Computer Without Selling Anything

Have You Ever Considered Beating The Recession?

Kelly Richards of New York was tired of worrying all the time where the next dollar is coming from. Life seemed
merely a succession of bills and worrying about how to pay them. One late night while surfing the internet, her long hours of research had finally paid off and she discovered her tight lip secret to getting a break in life and beating
the recession. She was finally able to provide for her three children while staying home with them.

I read Kelly's blog last month and decided to feature her story in our local job report. In our phone interview she
told me her amazing story. "I basically make about $6,000-$8,000 a month online. It's enough to comfortably
replace my old jobs income, especially considering I only work about 10-13 hours a week from home.

We have found this sitting on the page of The Chronicle, a newspaper in the UK.

The above is located at replace-now[DOT]com. However, we’ve seen other domains brandishing the same interface, an instant give-away that tells us this is a scam. The said domains are as follows:

  • careersreportsonline[DOT]org[DOT]uk
  • careers-home[DOT]com
  • forbesbusinessreports[DOT]com
  • fox-reviews7[DOT]com
  • get5000[DOT]tk
  • incomefactorty[DOT]orgfree[DOT]com
  • jobnet10[DOT]com
  • jobs30[DOT]tk

It appears that the “work-from-home” campaign where replace-now[DOT]com belongs has been making rounds since the last quarter of 2015.

Another variant of this scam comes in the form of a “review”. For example, here’s a partial view of cyberworkreviews[DOT]com:

wfh-review-wmclick to enlarge

Text snippet:

The 3 Best Ways at Home Jobs Reviewed

Work At Home Special Report - If you are looking for a better way to make money, fire your boss or spend more
time with your family, you are definitely not alone. Everybody is looking to make extra income these days, and many people are turning to work at home programs... But, which ones are real and which ones are scams? And furthermore, which ones are the BEST?

We just had to find out... So we set out to do some research ourselves to discover the best ways to make money
from home in 2016. Not surprisingly, only three of the programs we tested made money quickly and easily for someone with little or no experience. You might even decide that one of them is a good fit for you, and you can begin
making money from home today.

When one visits any of the links from these campaigns, they are directed to sites that ask for their personally identifiable information (PII), such as complete name, physical address, email address, and contact number. This is probably why some security companies flag “work from home” sites, perhaps even their destination pages, as phishing or worse, malicious. [1] [2] [3] [4] [5]

Below are sample screenshots of the destination domains:

countdownclick to enlarge

ultimatehomeclick to enlarge

paydayclick to enlarge

The line that separates the “good” sites from the “bad” sites is becoming a blur, no thanks to rogue ads that continue to find their way into legitimate domains and affect innocent visitors.  Ad agencies and site owners have a huge role to play here, and so do us Internet users. Make sure that you, dear Reader, are doing your part.

Other related post(s):

Jovi Umawing (Thanks to Steven)