Some Competitions Are Not Worth Winning

AVG (AU/NZ) warns of ‘Cost per Action’ cyber fraud

AUCKLAND 10 April 2012 – AVG (AU/NZ) Pty Ltd, the distributor of the award-winning AVG Internet and mobile security software in New Zealand, Australia and South Pacific, alerts Internet shoppers to be on the lookout for scams infiltrating online competitions.

Michael McKinnon, Security Advisor at AVG (AU/NZ) Pty Ltd, said: “Cyber criminals have created highly lucrative illicit revenue streams by using legitimate advertising networks and fraudulently altering promotional collateral, including competition entry forms – often from large and otherwise trusted brand names.”

The method that makes this type of fraud possible is a commercial Internet marketing arrangement known as “Cost per Action” (CPA) sometimes also called “Cost per Acquisition”, which pays an advertiser for each action they can get someone to complete. These actions can be as simple as capturing an email address from a competition entry, or as complex as an online marketing survey that takes 15 minutes to complete.

Online fraudsters sign up to an advertising network - usually with false details, but just enough to collect a payment. They then copy and digitally alter promotional and competition offers to make them seem much more enticing – such as changing a $100 prize to a $10,000 prize. This produces better response rates to the legitimate offer and hence opens more people to the scam.

Falling for a CPA scam is at its most innocuous a time waster but according to McKinnon there are more serious ramifications:

There is the risk of divulging potentially personal information in surveys and other forms that may act as a springboard for either identity fraud if the data ends up in the wrong hands and costing money, or much more time being wasted through dealing with further contact from telemarketers and other companies making direct contact with all manner of offers.
A blended threat may occur by innocently providing your mobile phone number in an online survey and then receiving an SMS offer which contains a malicious link to a rogue mobile application which in turn starts sending premium SMSs that are charged to your monthly bill without you noticing, and again putting money in the pockets of the scammers.

McKinnon says: “The saddest part is that people who are vulnerable - to the extent that they fall for the initial survey and competition scams - are often very easy targets for further attack, and cybercriminals like to exploit this to their advantage by extending their reach with each victim.”

AVG (AU/NZ)’s clues as to what to look for and how to avoid trouble:

One of the most obvious tell-tale signs can be mismatched buttons or images. For example, sometimes an ‘action’ button is a slightly different colour from the rest of the page, and a different size and alignment. These ‘amateurish’ adjustments are clues which you should scan carefully for.
Being directed to multiple offers or surveys in quick succession is a sign that you’re being led down ‘scammer’s lane’. It is common for cyber crooks to chain lures together to encourage you to fill out several entries – remember for each one you complete, they receive a fraudulent payment.
The URL in your browser address bar can provide some idea of the legitimacy of the offer or survey form. The most obvious sign is an IP Address http://n.n.n.n/ - (where n is a number) instead of a domain name.
Many of these types of fraudulent offers and promotions are presented in conjunction with other viral campaigns. For example, if you try to click on a video and then you get a popup asking you to enter the competition or complete a survey first, this signals you are being scammed into providing the ‘action’ that is going to put money in the scammer’s pocket and waste your time.

For safe, fun online exploration McKinnon advises that: “Vigilance and calm are the key words here. Take your time, read and look carefully and don’t click before you think.”

For the series of informative security tips, how-to and fact sheets see:

www.avg.co.nz/resources/security-tips/. For video tips from AVG (AU/NZ), see: www.youtube.com/user/avgaunz

Keep in touch with AVG (AU/NZ)

For breaking news, follow AVG (AU/NZ) on Twitter at twitter.com/avgaunz
Join our Facebook community at www.facebook.com/avgaunz
For security trends, analysis, follow the AVG (AU/NZ) blog at resources.avg.co.nz

### ENDS ###

© Scoop Media