Free PlayStations on the Internet are Probably an Online Scam

Labs

Free PlayStations on the Internet are Probably an Online Scam

August 30, 2016

By Jordan Herman

Did you know that you can get all kinds of free stuff, just by giving out your personal information? A treasure trove of prizes—iPhones, PlayStations, and even gift cards to Chili’s (arguably the most valuable prize of all) can all be yours simply by answering a few questions...and giving out your credit card number. Sorry to say, but this "windfall" is probably a scam.

You could practically taste those baby back ribs and mozzarella sticks, couldn't you?

thank you page

Overall, it sounds like a good deal—until you never get the prizes they promised you, even after filling out survey after survey and possibly exposing your device to malware in the process. To us folks in infosec, these ploys are pretty obvious, but threat actors have honed their tactics over time based on their victims' behavior to create faux surveys that make a surprising number of people excited to take them.

What's in an adversary's digital footprint?

So who is this dubious benefactor of Playstations and free fried food anyway? PassiveTotal tells us the page in figure 1, "2016prizefeed.com", belongs to "Reward Zone USA."

Checking Reward Zone, the registrant, in PassiveTotal reveals a large number of sites carrying out the same behavior.

Many of the sites in figure 3, are full of “customer reviews” telling you how it’s totally not a scam.

play station

But, if we check the OSINT data—another source within PassiveTotal that not only provides additional context, but also aids in augmenting the user's research process—we can see several legitimate sites with reports to the contrary.

Stay safe out there

This is just one of many scams out there that abuse brand names and employ sneaky tactics to steal sensitive information and infect users with all manners of malware. We’re currently in the middle of investigating this one, but I believe we’ll be adding most of Reward Zone USA’s sites to the RiskIQ's Global Blacklist when all is said and done.

RiskIQ customers can view one of our crawls of one of their pages here.

Questions? Feedback? Email research-feedback@riskiq.net to contact our research team.

Featured Posts

External Threat Management

The RiskIQ Intelligence Connector for Microsoft Azure Sentinel Is the Context-Rich Force Multiplier Security Teams Need

Digital initiatives have changed the enterprise attack surface and how organizations appear online, both to users and malicious actors. Meanwhile, the threat landscape has evo...

#TwitterHack: How RiskIQ Data Exposed Hundreds of Domains Belonging to the Attackers

The discussions in the coming days and weeks surrounding yesterday's large-scale compromise of verified Twitter accounts, including those of Joe Biden, Barack Obama, and Bill G...

Partner Deep-Dive: RiskIQ Security Intelligence Services for Splunk

The average organization's digital presence has exploded in size. Even before COVID-19 spread their staff and operations outside the firewall, businesses were rapidly migrating...

Subscribe to Our Newsletter

Subscribe to the RiskIQ newsletter to stay up-to-date on our latest content, headlines, research, events, and more.

Base Editor

RiskIQ Illuminate® Datasheet

RiskIQ Illuminate® Datasheet

COVID-19 Solution Brief

5-Questions Security Intelligence Must Answer

5-Questions Security Intelligence Must Answer