MS Threat Research & Response Blog

JMH

JMH

Banned
Local time
4:41 AM
Messages
6,448
Let’s Celebrate Best Buy's 20th Anniversary

Last week, I was checking my Facebook account and noticed I had an Event Invitation from a fellow security researcher. Very intriguing. This friend is a world traveler and doesn’t currently reside in the United States, but the Event Invitation was for a Free $1000 "Best Buy gift card to celebrate Best Buy’s 20th Anniversary".

Alarm bells started ringing and I knew it had to be a scam. But let’s take a look...


bb-1.png



There was no reason I could think of why they would use a bit.ly URL unless they didn’t want people to notice right away that it wasn’t a Best Buy site. This way, people are forced to click through. (There are good reasons for using bit.ly. For example, a medium such as Twitter restricts the size of your entry. Or you have a legitimate need to obfuscate the URL.)


bb-2.png



The first thing I noticed was:

"AmazingFreeRewards.com is not affiliated with Best Buy®, Inc."

ALL of the links on this page return you to this page, except for the Gift Status link that requires a login, a login that you would create if you followed the process through to that point. Thus, there is no Privacy Policy nor any other information available. But if you enter a ZIP code, you will be transported to…


bb-3.png



All the links here react similarly as the previous page (see tabs; returns or requires login). But look at all the information they want. Those are many data items that qualify as Personally Identifiable Information (PII) for which a Privacy Policy is required because there are legal ramifications for their inadvertent dispersal. (I hesitate to call them legal protections as all we get is notification.)
Click to expand...
Source -
Let’s Celebrate Best Buy's 20th Anniversary - Microsoft Malware Protection Center - Site Home - TechNet Blogs
 

My Computer My Computer

Computer Manufacturer/Model Number
LAPTOP. HP Pavilion dv7-4010TX .
OS
Win 7 Ultimate 64-bit. SP1.
CPU
Intel i7 -720QM.[1.6GHz Turbo Boost 2.8GHz. 6MB Cache.]
Memory
8 DDR 3 RAM. 1066MHZ
Graphics Card(s)
ATI 1024 MB. DDR3. Radeon HD5650
Monitor(s) Displays
17.3" High Definition Brightview LCD. LED Backlit.
Screen Resolution
1600 x 900.
Hard Drives
640GB
Case
Laptop / notebook.
Mouse
Logitech Anywhere mouse. MX.
Internet Speed
ADSL [ but too slow ]
Excellent post! :cool:

There was an Event on Facebook. Friends are giving up their friends' personal data by RSVPing to the offer. Almost 10,000 people gave this company all their Facebook info about themselves and their friends. This company has possibly accumulated over one-third of a million email addresses for its future spam campaigns, or perhaps it plans to sell the list to other spammers. Such a list is worth more than a couple thousand dollars. Pretty good returns for the creation of a Facebook Event.
Click to expand...
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
You must log in or register to reply here.
Back
Top