Hello everybody, Paul Ducklin here from Sophos in Sydney. Today, there's been a huge spam
campaign on Twitter about "free iPhones". It is a typical bait-and-switch scam, so let
me show you very quickly how this sort of thing works.
I'll start off by going to twitter dot com. I'm going to search for "look at the free
iphone", and you'll notice that I get loads of hits, all of them recent.
By the way, I've added a modesty curtain here - some of the accounts were freshly created
for this campaign; others, however, look like they are genuine accounts with hacked passwords.
Right. Now, ignoring how unlikely it sounds that we'll get a free iPhone, let's take the
bait and click on a link.
And good on bitly - they've blocked the redirection so we can't get to the site at all. But let's
pretend it wasn't blocked and that we could click through.
Now, we're on a so-called affiliate marketing site and - what a surprise! - the offer I
just clicked on is not available in my area. So that's Switcheroo Number One.
There are some local looking offers, however, including this one allegedly from BigPond,
which is Australia's largest ISP. 10 free DVDs sounds pretty good, and that's Bait Number
Two.
So, we'll click that...
...and that's not at all what I expected! That's rather a grotty looking beach, actually,
at least if you're from Sydney.
Anyway, notice that the DVDs have vanished. They've morphed into TV channels; BigPond,
the brand-name bait, has vanished; and so, in fact, has any business connection with
Australia. So that's Switcheroos Number Two, Three and Four, all in one hit.
Moving on, and we get an annoying popup video. That's Jennifer, showing us the size of the
fish she just caught, presumably on the aforementioned beach. OK, enough of this - let's leave the
site...
...and here's Dodgy Behaviour Number Seven. It's trying to pressurise us into staying
on the page. So I'll play along, and I'm going to hit Cancel, and then take you to the bottom
of the page for our last laugh.
Remember how all this started with a free iPhone? Well, two Baits, four Switches and
one shonky piece of JavaScript later, and we're now trapped in a web page for a service
which doesn't even support the iPhone at all.
And that, Ladies and Gentlemen, is why it's called bait-and-switch.
Remember: don't buy, don't try, don't reply.
Thanks for listening. Until next time, stay secure.