Mystery Popups

Back up to the Technical Documents category
From AAISP Support Site
Revision as of 00:04, 18 August 2018 by Reedy (talk | contribs) (clean up)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Mystery Popups - A Warning

We received a report from a customer about a popup window claiming to be from us, and encouraging the user to fill in a survey. The customer's email contained a number of pieces of information :-

It claimed to be representing you and asked two things:

1. What we thought about you as the ISP. It mentioned you by name.
2. A competition.

Anyway she ended up signing up for a trial diet nonsense which ...
We must pay for. We must pay postage  Total is only about £5 .....BUT!
To stop £79.99 going out every month I must return the good in a specially
requested package and then try to get through to the scammers again!

There is an issue here for me certainly but how on Earth did they know you
were the ISP? Could it be my daughter's firewall on her PC?

We of course replied to the customer but thought creating a page to serve as a warning to other customers of this scam being conducted in our name.

Was this from us?

Obviously not. We do not intercept browsing traffic in any way, let alone modify it to include headers that might cause a popup. We wouldn't undertake this kind of activity by any medium.

How did they know which ISP?

When a person browses a web page, the IP address that their traffic is coming in from (and sent back to) is recorded by the web server. This IP address is capable of being looked up in several ways, including at the RIR (Regional Internet Registry) level; in our case the RIPE database, or via DNS. In short when you browse the Internet, it is quite trivial for the operator of a web site to fairly accurately work out which ISP you are with unless you are browsing via a VPN or anonymity service such as Tor.

What do these popups look like?

As luck would have it, a few days after the customer's email, a member of staff had (we think) the same popup whilst browsing. So this is clearly something fairly widespread at the moment. For completeness, the member of staff screengrabbed each and every stage of the "questionnaire". We reproduce this here in full.

First Popup

Popup

All other stages to the survey

Step 1

Step 1

Step 2

Step 2

Step 3

Step 3

Step 4

Step 4

Step 5

Step 5

Step 6

Step 6

Step 7

Step 7

Step 8

Step 8

Step 9

Step 9

Choosing your "prize"

Step 10

One of the "prizes" on offer

Step 11

And some blurb possibly giving away this scam's true origins

Step 12

And the same for the alternate "prize"

Step 12

So in conclusion

It isn't from us. This is not the kind of thing we would get involved in. The "prizes" (if they really exist) look to possibly originate from Gibraltar or Cyprus, although we've not been able to do any further due diligence of the two companies named in the Ts and Cs. We strongly recommend that you do not participate in surveys claiming to be from us, since it's very unlikely we'd ever conduct a survey like this in our own right. If we ever did decide to do so, we'd make sure the survey was linked from our own site, and not an annoying popup.