Header Ads

SCAM ALERT! Beware of me-prize.com and its sub-directories.

In a WhatsApp group I belong to, someone shared a link with the following message:
*Urgent for Nigeria. On the occasion of Eid al-Adha get free credit for free, I swear I just got 3000 NGN 10GB internet free, offer for a limited period Quickly from here>>> http.//bit.ly/Nigeria-eid *

Clicking on the link (be very wary about clicking shortened links as you could become a victim of malware as a result of drive-by download) I was directed to the domain me-prize.com/Nigeria



A cursory inspection revealed that this website was a scam. The first red flag pointing to this conclusion was the supposedly “free” credit. Telco’s never give free credit, rather what they do is give bonuses or the same quantity of data at a reduced amount.

The Second red flag was in the domain, the me-prize.com/Nigeria has a subdirectory /Nigeria. So I decided to try out parent directory me-prize.com and I was welcomed with a “coming soon” notification.



 What kind of website has the parent directory with a “coming soon” sign while its subdirectories are giving out free credit?

I then decided to check out the parent directory me-prize.com on google to see what subdomains or subdirectories are associated with it. As you can see below I got 105 subdirectories for the same domain, ranging from /Visa, /Unesco, /Toyota, /Nigeria and many others. 



From this you can get a clear picture of the scam. You can see that the scammers instead of spending money opening more domains, thought it better to save cost by using the same domain but different directories.

The reason why this is going viral on WhatsApp is that upon providing a phone number you are redirected to a page that demands that you share with 30 people or groups on WhatsApp before you can receive your free credit.



The unfortunate thing is even if you share with all your WhatsApp contacts you will always get the same message saying “unfortunately, you did not post the invitation to 15 people on whatsapp, please return the steps correctly.”



We can see why we get the same error message looking at the source code from the site as seen above. Anyone who knows a bit of javascript can see that the “get credit” button has been set to alert the above message once it is clicked. So even if you share to 1000 people you’ll still get the message that you did not follow the steps correctly. By using this ingenious social engineering tactic the scammers will have people continually sharing the link in hopes of finally getting past the error message.

Finally, they provide a bogus series of comments below of people who have supposedly gotten their free credit. You can see the number of comments is 475, but notice if you scroll down to the bottom of the page there is no next button to view more comments.



From what I can observe, this seems like just a grand scheme to get personal identifiable information from people or it could be a first step in a more sinister plot. If it is the latter, then expect more social engineering scams to follow for the people who fell for this. So be alert and remember, there is no free lunch even in Freetown. 

No comments

Powered by Blogger.