Mystery Popups: Difference between revisions
Line 76: | Line 76: | ||
[[File:Andrews_User_Survey11.jpg|400px|Step 10]] |
[[File:Andrews_User_Survey11.jpg|400px|Step 10]] |
||
''' |
'''One of the "prizes" on offer''' |
||
[[File:Andrews_User_Survey12.jpg|400px|Step 11]] |
[[File:Andrews_User_Survey12.jpg|400px|Step 11]] |
||
'''And some blurb possibly giving away this scam's true origins''' |
|||
'''Alternative "prize" origin''' |
|||
[[File:Andrews_User_Survey13.jpg|400px|Step 12]] |
[[File:Andrews_User_Survey13.jpg|400px|Step 12]] |
||
'''And the same for the alternate "prize"''' |
|||
[[File:Andrews_User_Survey14.jpg|400px|Step 12]] |
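Review bot: the Andrews_User_Survey14.jpg line reuses the alt text "Step 12", which the Andrews_User_Survey13.jpg line above it already carries. Following the numbering of the earlier images (Survey11 is "Step 10", Survey12 is "Step 11"), it should read "Step 13", so that the two screenshots can be told apart by anyone relying on the alt text.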
Revision as of 16:02, 27 January 2015
Mystery Popups - A Warning
We received a report from a customer about a popup window claiming to be from us, and encouraging the user to fill in a survey. The customer's email contained a number of pieces of information:
It claimed to be representing you and asked two things: 1. What we thought about you as the ISP. It mentioned you by name. 2. A competition. Anyway she ended up signing up for a trial diet nonsense which ... We must pay for. We must pay postage. Total is only about £5 ..... BUT! To stop £79.99 going out every month I must return the goods in a specially requested package and then try to get through to the scammers again! There is an issue here for me certainly but how on Earth did they know you were the ISP? Could it be my daughter's firewall on her PC?
We of course replied to the customer, but thought it worth creating a page to serve as a warning to other customers about this scam being conducted in our name.
Was this from us?
Obviously not. We do not intercept browsing traffic in any way, let alone modify it to include headers that might cause a popup. We wouldn't undertake this kind of activity by any medium.
How did they know which ISP?
When a person browses a web page, the web server records the IP address that their traffic comes from (and is sent back to). This IP address can be looked up in several ways, including at the RIR (Regional Internet Registry) level (in our case the RIPE database) or via DNS. In short, when you browse the Internet, it is quite trivial for the operator of a web site to work out fairly accurately which ISP you are with, unless you are browsing via a VPN or an anonymity service such as Tor.
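The lookup described above, as an added example that is not part of the original page: it parses a RIPE-style WHOIS reply for the address block covering a visitor's IP and derives the name a reverse DNS query would use. The reply text, the 192.0.2.0/24 documentation range, AS64500, the "Example ISP" names and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample of a RIPE-style (RPSL) WHOIS reply. 192.0.2.0/24 is a
# documentation range and "Example ISP" is a made-up provider.
SAMPLE_WHOIS = """\
% Constructed sample, not real registry output.

inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-ISP-DSL
descr:          Example ISP Ltd broadband customers
country:        GB

route:          192.0.2.0/24
descr:          Example ISP Ltd
origin:         AS64500
"""

def parse_rpsl(text):
    """Split a reply into objects: one list of (key, value) pairs per block.
    Continuation lines are not handled; the sample has none."""
    objects, current = [], []
    for line in text.splitlines():
        if line.startswith("%"):          # registry comment line
            continue
        if not line.strip():              # a blank line ends the current object
            if current:
                objects.append(current)
            current = []
            continue
        key, _, value = line.partition(":")
        current.append((key.strip().lower(), value.strip()))
    if current:
        objects.append(current)
    return objects

def describe_visitor(ip, whois_text):
    """What a site operator can infer about the network behind `ip`."""
    addr = ipaddress.ip_address(ip)
    info = {"ptr_query": addr.reverse_pointer}   # name queried for reverse DNS
    for obj in parse_rpsl(whois_text):
        fields = dict(reversed(obj))             # first value of each key wins
        if obj[0][0] == "inetnum" and addr.version == 4:
            first, _, last = obj[0][1].partition("-")
            lo, hi = (ipaddress.ip_address(p.strip()) for p in (first, last))
            if lo <= addr <= hi:                 # block covers the visitor
                info.update({k: fields.get(k) for k in ("netname", "descr", "country")})
        elif obj[0][0] == "route" and addr in ipaddress.ip_network(obj[0][1]):
            info["origin_as"] = fields.get("origin")
    return info
```

Calling describe_visitor("192.0.2.57", SAMPLE_WHOIS) returns the netname, description, country and origin AS of the covering block, which is all a page needs in order to address a visitor by their provider's name.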
What do these popups look like?
As luck would have it, a few days after the customer's email, a member of staff had (we think) the same popup whilst browsing. So this is clearly something fairly widespread at the moment. For completeness, the member of staff screengrabbed each and every stage of the "questionnaire". We reproduce this here in full.
First Popup
All other stages to the survey
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
Step 9
Choosing your "prize"
One of the "prizes" on offer
And some blurb possibly giving away this scam's true origins
And the same for the alternate "prize"