in Meddling

Fake Amazon survey gift webpage

Fake Amazon survey popup

I was reading a cool story on this afternoon when suddenly my mobile browser was redirected to a fake survey purporting to be from I’d seen this once before so I thought right away to screenshot it and save a copy of the page.

First it put a pop-up that enticed me to click “OK.” I declined. 🙂 After moving past that dialog, the user is presented with brain-dead-easy survey questions, promising an iPhone X or a $1000 gift card as a reward:

I Googled a handy webpage for reporting Amazon-like phishing emails or webpages to Amazon so I did the needful and sent the link to Amazon’s “stop spoofing” email address.

Poof! The site disappeared from the Internet instantly. I’m assuming the DNS record had a short time-to-live (TTL) to start with because, honestly, it vanished with astonishing speed. Or maybe Jeff Bezos’s secret worldwide team of minions tracked down the perpetrator and whacked him, I don’t know.

The con man in question registered the domain using Namecheap and hid his registration with WhoisGuard:

Registry Domain ID: D60434953-CNIC
Registrar WHOIS Server:
Registrar URL:
Updated Date: 2018-02-01T14:00:25.0Z
Creation Date: 2018-02-01T14:00:22.0Z
Registry Expiry Date: 2019-02-01T23:59:59.0Z
Registrar: Namecheap
Registrar IANA ID: 1068
Domain Status: serverTransferProhibited
Domain Status: clientTransferProhibited
Registry Registrant ID: C176571093-CNIC
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.

As you can see, the domain was only live for 7 days and I had it taken down in 7 minutes. 🙂

The HTML had some Javascript code that used Hungarian language:

var slidewhere = 0;
var holvanszlider = 0;
function drawszlider(ossz,meik){
var szazalek = Math.round((meik*100)/ossz);
holvanszlider = meik;
t = setTimeout("drawszlider(100, slidewhere);slidewhere = holvanszlider + 1; if (slidewhere > 100) {slidewhere = 100;}",62);

… and check this out! You can’t even win the iPhoneX or a Samsung S8. It’s totally rigged! Of all the low-down, sneaky schemes …

document.getElementById("pz2").innerHTML ="Your prize<br><b>$1000 Amazon Gift Card</b>";
document.getElementById("pz1").innerHTML ="<br><b>Apple iPhone X 256G</b>";
document.getElementById("pz3").innerHTML ="<br><b>Samsung Galaxy S8</b>";
document.getElementById("img2").src = "wm.png";
document.getElementById("img1").src = "iphoneX.png";
document.getElementById("img3").src = "samsungs8.png";
document.getElementById("img1").onclick = function(){alert("Unfortunately, this offer is no longer available, please select another offer. ")};
document.getElementById("img3").onclick = function(){alert("Unfortunately, this offer is no longer available, please select another offer. ")};

The trusting user is then left with the “Amazon Gift Card.” All they need to do is enter in their information into a form. I’m not sure what they’re asking for because I didn’t get that far with this. Hopefully not bank account information, though any info you hand over will be info you wish you hadn’t, I’m sure:

alert("Step 1: We reserved your $1000 Amazon Gift Card!\n\nStep 2: Fill in the correct deliver information and follow the instructions to receive your $1000 Amazon Gift Card!");

Here’s how the site looked in Google’s cache, right after the site was disabled:

Fake Amazon Survey Gift website

Bottom line: don’t be fooled by fake websites promising you something for nothing. 🙂