Labs

Free PlayStations on the Internet are Probably an Online Scam

August 30, 2016

By Jordan Herman

Did you know that you can get all kinds of free stuff, just by giving out your personal information? A treasure trove of prizes—iPhones, PlayStations, and even gift cards to Chili’s (arguably the most valuable prize of all) can all be yours simply by answering a few questions...and giving out your credit card number. Sorry to say, but this "windfall" is probably a scam.

You could practically taste those baby back ribs and mozzarella sticks, couldn't you?

thank you page

Overall, it sounds like a good deal—until you never get the prizes they promised you, even after filling out survey after survey and possibly exposing your device to malware in the process. To us folks in infosec, these ploys are pretty obvious, but threat actors have honed their tactics over time based on their victims' behavior to create faux surveys that make a surprising number of people excited to take them.

What's in an adversary's digital footprint?

So who is this dubious benefactor of Playstations and free fried food anyway? PassiveTotal tells us the page in figure 1, "2016prizefeed.com", belongs to "Reward Zone USA."

Screen Shot 2016-08-30 at 11.40.22 AM

Checking Reward Zone, the registrant, in PassiveTotal reveals a large number of sites carrying out the same behavior.

Screen Shot 2016-08-30 at 11.43.26 AM

Many of the sites in figure 3, are full of “customer reviews” telling you how it’s totally not a scam.

play station

But, if we check the OSINT data—another source within PassiveTotal that not only provides additional context, but also aids in augmenting the user's research process—we can see several legitimate sites with reports to the contrary.

Screen Shot 2016-08-30 at 11.09.50 AM

Stay safe out there

This is just one of many scams out there that abuse brand names and employ sneaky tactics to steal sensitive information and infect users with all manners of malware. We’re currently in the middle of investigating this one, but I believe we’ll be adding most of Reward Zone USA’s sites to the RiskIQ's Global Blacklist when all is said and done.

RiskIQ customers can view one of our crawls of one of their pages here.

Questions? Feedback? Email research-feedback@riskiq.net to contact our research team.

Featured Posts

Subscribe to Our Newsletter

Subscribe to the RiskIQ newsletter to stay up-to-date on our latest content, headlines, research, events, and more.

Base Editor