steven36 Posted November 5, 2018

Online swindlers looking for a quick buck are using a domain that can be easily confused with a voter information website to redirect users to pages pushing various types of scams.

With the US midterm elections on November 6 and English comedian John Oliver promoting the website on his show last week, visits to VOTE411.org increased significantly.

Top-level domain confusion

The boost in popularity during this period drew the attention of online scammers, who used the .com version of the original domain to point visitors from macOS and iOS platforms to pages showing fake malware infection alerts.

The scammers take advantage of users who do not pay attention to the TLD (top-level domain) and, instead of typing .ORG at the end of the domain name, go with the more popular .COM.

This is the classic technical support scam, where the victim is supposed to call a number to receive paid assistance in removing the threat. Pretending to be part of a popular company's support staff, the scammers aim to trick the victim into paying for fake services.

Amanda Rousseau of Endgame discovered the VOTE411 scam and recorded the redirects coming from the .com variant. The alert that pops up on the screen says that the iPhone is infected with the Pegasus spyware (known as the creation of the Israel-based company NSO Group) and provides a phone number for assistance.

Quote
Was watching @iamjohnoliver and discovered that vote411[.]com was redirecting to a site trying to distribute "Pegasus Spyware" malware only on IOS. Recorded the redirects: pic.twitter.com/KxoJGBZWbg
— Amanda Rousseau (@malwareunicorn) November 4, 2018

The fraudsters have set up multiple redirects, some of them for pages specifically designed for iOS users.

Lukas Stefanko of ESET also analyzed the scam and says that it does not attempt to deliver a binary.
"Most of the time, it leads people to SMS subscription or to lure credit card details," he replied to Rousseau.

He added that when he loaded the website on an Android device, he received a localized version of the scam that enticed the user with the opportunity to win a $6.5 million jackpot.

Quote
This is scareware, it is not going to infect device with binary. Most of the time, it leads people to SMS subscription or to lure credit card details. Basically, it is aggressive advertisement implemented by site. In Android case, it says I have great chance to spin for $6,5mil. pic.twitter.com/whA8QIM1F3
— Lukas Stefanko (@LukasStefanko) November 4, 2018

It is easy to confuse the name of a domain and land on a dangerous page. The typical recommendation when a website shows alerts about your system being infected with malware is to close it immediately.

Source