Mystery Popups: Difference between revisions

Revision as of 07:52, 3 Mayıs 2016

Mystery Popups - A Warning

We received a report from a customer about a popup window claiming to be from us, and encouraging the user to fill in a survey. The customer's email contained a number of pieces of information :-

It claimed to be representing you and asked two things:

1. What we thought about you as the ISP. It mentioned you by name.
2. A competition.

Anyway she ended up signing up for a trial diet nonsense which ...
We must pay for. We must pay postage  Total is only about £5 .....BUT!
To stop £79.99 going out every month I must return the good in a specially
requested package and then try to get through to the scammers again!

There is an issue here for me certainly but how on Earth did they know you
were the ISP? Could it be my daughter's firewall on her PC?

We of course replied to the customer but thought creating a page to serve as a warning to other customers of this scam being conducted in our name.

Was this from us?

Obviously not. We do not intercept browsing traffic in any way, let alone modify it to include headers that might cause a popup. We wouldn't undertake this kind of activity by any medium.

How did they know which ISP?

When a person browses a web page, the IP address that their traffic is coming in from (and sent back to) is recorded by the web server. This IP address is capable of being looked up in several ways, including at the RIR (Regional Internet Registry) level; in our case the RIPE database, or via DNS. In short when you browse the Internet, it is quite trivial for the operator of a web site to fairly accurately work out which ISP you are with unless you are browsing via a VPN or anonymity service such as Tor.

What do these popups look like?

As luck would have it, a few days after the customer's email, a member of staff had (we think) the same popup whilst browsing. So this is clearly something fairly widespread at the moment. For completeness, the member of staff screengrabbed each and every stage of the "questionnaire". We reproduce this here in full.

First Popup

All other stages to the survey

Step 1

Step 2

Step 3

Step 4

Step 5

Step 6

Step 7

Step 8

Step 9

Choosing your "prize"

One of the "prizes" on offer

And some blurb possibly giving away this scam's true origins

And the same for the alternate "prize"

So in conclusion

It isn't from us. This is not the kind of thing we would get involved in. The "prizes" (if they really exist) look to possibly originate from Gibraltar or Cyprus, although we've not been able to do any further due diligence of the two companies named in the Ts and Cs. We strongly recommend that you do not participate in surveys claiming to be from us, since it's very unlikely we'd ever conduct a survey like this in our own right. If we ever did decide to do so, we'd make sure the survey was linked from our own site, and not an annoying popup.

Revision as of 13:43, 20 March 2015 (view source) AA-Andrew (talk \| contribs) mNo edit summary ← Older edit		Revision as of 07:52, 3 Mayıs 2016 (view source) AA-Andrew (talk \| contribs) mNo edit summary Newer edit →
Line 1:		Line 1:
			<indicator name="Front">[[File:Menu-document.svg\|link=Category:Technical_Documents\|30px\|Back up to the Technical Documents category]]</indicator>
	== Mystery Popups - A Warning ==		== Mystery Popups - A Warning ==