This morning when trying to get to Uber, I managed to misspell the domain. It happens. What I didn’t expect was to get redirected to a web page and pop-up telling me a serious security threat might have been detected and to call the number on my computer screen. That’s the last thing you should do even though the message may look convincing. This is a simple internet security scam.
This scam works partly because the message shows some legitimate information. In my case, the message showed my internet provider, location, and IP address. And for good measure, a timestamp was included. I’ve blurred out portions so people won’t call the number.
If you’ve read my earlier article on web logs, you’ll remember that this info is captured by the web browser. These folks are echoing back the info the browser captured. Of course, I can’t tell which company is behind this, but I would bet if I called the number, they would tell me I have adware and offer to remotely clean it up or offer a software package for a fee.
While doing a little research on this, I found an even better example that was posted by Lenny Zeltser. You’ll see in this YouTube video a security scam that adds some logos and a computer voice.
I’m familiar with Lenny’s work as he has written a number of security articles on his own site as well as for Internet Storm Center. I headed to his site and was delighted to see where he outlined the conversation he had with one of these people.
Interestingly, when I went to trace the redirects for this domain, I couldn’t repeat the results. Instead of seeing this bogus security threat, I ended up on a legitimate page for another site. However, I went through 3 different ad networks first.
I’m not really sure why there are all the redirects above, but I suspect the folks at Lyft had no part in this. I think whoever owns the first domain I visited (the one I misspelled) has some redirection script in place.
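For readers who want to examine a redirect chain like the one described above, here is an added example (not part of the original post) that walks a captured set of HTTP responses and lists the intermediary hosts between the mistyped domain and the final page. The hostnames and the capture are constructed placeholders, and the function names are hypothetical.

```python
from urllib.parse import urljoin, urlsplit

# Constructed capture: URL -> (status code, Location header).
# All hostnames are placeholders, not the domains from the post.
CAPTURE = {
    "http://typo-domain.example/": (302, "http://ads-one.example/r?id=1"),
    "http://ads-one.example/r?id=1": (302, "//ads-two.example/click"),
    "http://ads-two.example/click": (301, "https://ads-three.example/go"),
    "https://ads-three.example/go": (302, "https://landing.example/"),
    "https://landing.example/": (200, None),
}

REDIRECT_CODES = {301, 302, 303, 307, 308}


def trace(start, capture, max_hops=10):
    """Follow Location headers through captured responses.

    Returns a list of (url, status) hops. Stops at a non-redirect, a URL
    missing from the capture (status None), a loop, or max_hops.
    """
    hops, seen, url = [], set(), start
    while url not in seen and len(hops) < max_hops:
        seen.add(url)
        status, location = capture.get(url, (None, None))
        hops.append((url, status))
        if status not in REDIRECT_CODES or not location:
            break
        # Location may be absolute, relative, or scheme-relative (//host/path).
        url = urljoin(url, location)
    return hops


def intermediaries(hops):
    """Hosts seen between the first and last hop, in order, without repeats."""
    hosts = [urlsplit(u).hostname for u, _ in hops]
    middle = []
    for host in hosts[1:-1]:
        if host not in middle and host not in (hosts[0], hosts[-1]):
            middle.append(host)
    return middle


if __name__ == "__main__":
    chain = trace("http://typo-domain.example/", CAPTURE)
    for url, status in chain:
        print(status, url)
    print("intermediary hosts:", intermediaries(chain))
```

This follows only HTTP `Location` redirects; hops done with JavaScript or a meta refresh do not appear in such a trace. A capture also reflects a single visit.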
The lesson I learned, apart from being more careful, is that people will try to take advantage of your mistakes. In retrospect, I should’ve first searched for the company in Google and used their system to help me find the correct URL.