Free PlayStations on the Internet are Probably an Online Scam

Labs

Free PlayStations on the Internet are Probably an Online Scam

August 30, 2016

By Jordan Herman

Did you know that you can get all kinds of free stuff, just by giving out your personal information? A treasure trove of prizes—iPhones, PlayStations, and even gift cards to Chili’s (arguably the most valuable prize of all) can all be yours simply by answering a few questions...and giving out your credit card number. Sorry to say, but this "windfall" is probably a scam.

You could practically taste those baby back ribs and mozzarella sticks, couldn't you?

thank you page

Overall, it sounds like a good deal—until you never get the prizes they promised you, even after filling out survey after survey and possibly exposing your device to malware in the process. To us folks in infosec, these ploys are pretty obvious, but threat actors have honed their tactics over time based on their victims' behavior to create faux surveys that make a surprising number of people excited to take them.

What's in an adversary's digital footprint?

So who is this dubious benefactor of Playstations and free fried food anyway? PassiveTotal tells us the page in figure 1, "2016prizefeed.com", belongs to "Reward Zone USA."

Checking Reward Zone, the registrant, in PassiveTotal reveals a large number of sites carrying out the same behavior.

Many of the sites in figure 3, are full of “customer reviews” telling you how it’s totally not a scam.

play station

But, if we check the OSINT data—another source within PassiveTotal that not only provides additional context, but also aids in augmenting the user's research process—we can see several legitimate sites with reports to the contrary.

Stay safe out there

This is just one of many scams out there that abuse brand names and employ sneaky tactics to steal sensitive information and infect users with all manners of malware. We’re currently in the middle of investigating this one, but I believe we’ll be adding most of Reward Zone USA’s sites to the RiskIQ's Global Blacklist when all is said and done.

RiskIQ customers can view one of our crawls of one of their pages here.

Questions? Feedback? Email research-feedback@riskiq.net to contact our research team.

Featured Posts

External Threat Management | Labs

Bear Tracks: Infrastructure Patterns Lead to More Than 30 Active APT29 C2 Servers

RiskIQ's Team Atlas has uncovered still more infrastructure actively serving WellMess/WellMail. The timing here is notable. Only one month ago, the American and Russian he...

Joining Microsoft is the Next Stage of the RiskIQ Journey

Today Microsoft announced its intent to acquire RiskIQ, representing the next stage of our journey that's been more than a decade in the making. We couldn't be more ...

Media Land: Bulletproof Hosting Provider is a Playground for Threat Actors

Bulletproof hosting (BPH) is a collection of service offerings catering to internet-based criminal activity. These businesses often operate in a grey area, attempting to appea...

Subscribe to Our Newsletter

Subscribe to the RiskIQ newsletter to stay up-to-date on our latest content, headlines, research, events, and more.

Base Editor

Forrester Wave: External Threat Intelligence Services, Q1 2021

RiskIQ Illuminate® Internet Intelligence Platform Datasheet

Five Security Intelligence Must-Haves For Next-Gen Attack Surface Management

Threat Investigations and Response RiskIQ Solution Brief

Illuminate One-Hour On-Demand Event