Mystery Popups: Difference between revisions
mNo edit summary |
(clean up) |
||
Line 1: | Line 1: | ||
<indicator name="Front">[[File:Menu-document.svg|link=Category: |
<indicator name="Front">[[File:Menu-document.svg|link=Category:Technical Documents|30px|Back up to the Technical Documents category]]</indicator> |
||
== Mystery Popups - A Warning == |
== Mystery Popups - A Warning == |
||
Line 94: | Line 94: | ||
[[Category: |
[[Category:Technical Documents]] |
Latest revision as of 00:04, 18 August 2018
Mystery Popups - A Warning
We received a report from a customer about a popup window claiming to be from us, and encouraging the user to fill in a survey. The customer's email contained a number of pieces of information :-
It claimed to be representing you and asked two things: 1. What we thought about you as the ISP. It mentioned you by name. 2. A competition. Anyway she ended up signing up for a trial diet nonsense which ... We must pay for. We must pay postage Total is only about £5 .....BUT! To stop £79.99 going out every month I must return the good in a specially requested package and then try to get through to the scammers again! There is an issue here for me certainly but how on Earth did they know you were the ISP? Could it be my daughter's firewall on her PC?
We of course replied to the customer but thought creating a page to serve as a warning to other customers of this scam being conducted in our name.
Was this from us?
Obviously not. We do not intercept browsing traffic in any way, let alone modify it to include headers that might cause a popup. We wouldn't undertake this kind of activity by any medium.
How did they know which ISP?
When a person browses a web page, the IP address that their traffic is coming in from (and sent back to) is recorded by the web server. This IP address is capable of being looked up in several ways, including at the RIR (Regional Internet Registry) level; in our case the RIPE database, or via DNS. In short when you browse the Internet, it is quite trivial for the operator of a web site to fairly accurately work out which ISP you are with unless you are browsing via a VPN or anonymity service such as Tor.
What do these popups look like?
As luck would have it, a few days after the customer's email, a member of staff had (we think) the same popup whilst browsing. So this is clearly something fairly widespread at the moment. For completeness, the member of staff screengrabbed each and every stage of the "questionnaire". We reproduce this here in full.
First Popup
All other stages to the survey
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
Step 9
Choosing your "prize"
One of the "prizes" on offer
And some blurb possibly giving away this scam's true origins
And the same for the alternate "prize"
So in conclusion
It isn't from us. This is not the kind of thing we would get involved in. The "prizes" (if they really exist) look to possibly originate from Gibraltar or Cyprus, although we've not been able to do any further due diligence of the two companies named in the Ts and Cs. We strongly recommend that you do not participate in surveys claiming to be from us, since it's very unlikely we'd ever conduct a survey like this in our own right. If we ever did decide to do so, we'd make sure the survey was linked from our own site, and not an annoying popup.