Phishing Popup on Mobile Site

ElectroWolf 5,755 797 March 9, 2016 at 12:02 PM
I was trying to peruse the SD mobile site this morning on my iPhone, and caught an interesting phishing popup notification while doing so. I've attached a few screenshots that I snapped from my phone while looking at the site.

I worked my way through it a bit to see what they were asking for, which eventually devolved into them asking me a few survey questions, and then wanting my email address so that they could send me my code for my "Free iPhone 6s!". Throughout the process, a fake Facebook commenting system displayed on one of the pages, to make it appear as though others were winning ones as well.

The entire thing was obviously a fake, and I would guess that it probably came via one of the ads displayed on the main SD homepage. I hadn't come across this before when viewing the site, so either I've been very lucky, or this malicious ad just got added to the rotation. If it matters any, the popup happened at around 8:30am-ish CST this morning.

A bit of extra info:
Phone: iPhone 6s, 64GB
Carrier: Verizon
Browser: Chrome
OS Version: 9.2.1 (Build 13D20)

Note, there are no malicious apps installed on my phone to cause this either. I recently factory reset my phone, so there's not much more other than Google-related apps.

Joined Jul 2005
Toadally Irrelephant
7,592 Posts
1,187 Reputation
#2
I've been getting similar crap malvertising from s3.amazonaws.com when browsing Imgur on my iPhone yesterday and today. Annoyed
#3
Quote from ElectroWolf:
I was trying to peruse the SD mobile site this morning on my iPhone, and caught an interesting phishing popup notification while doing so. I've attached a few screenshots that I snapped from my phone while looking at the site.

I worked my way through it a bit to see what they were asking for, which eventually devolved into them asking me a few survey questions, and then wanting my email address so that they could send me my code for my "Free iPhone 6s!". Throughout the process, a fake Facebook commenting system displayed on one of the pages, to make it appear as though others were winning ones as well.

The entire thing was obviously a fake, and I would guess that it probably came via one of the ads displayed on the main SD homepage. I hadn't come across this before when viewing the site, so either I've been very lucky, or this malicious ad just got added to the rotation. If it matters any, the popup happened at around 8:30am-ish CST this morning.

A bit of extra info:
Phone: iPhone 6s, 64GB
Carrier: Verizon
Browser: Chrome
OS Version: 9.2.1 (Build 13D20)

Note, there are no malicious apps installed on my phone to cause this either. I recently factory reset my phone, so there's not much more other than Google-related apps.
Quote from VorlonFrog:
I've been getting similar crap malvertising from s3.amazonaws.com when browsing Imgur on my iPhone yesterday and today.
Thanks for the feedback. The screenshots are also very useful.

We're looking into it now. It should be pretty easy to find the source because we only have two large ad partners on mobile, and both of them are among the most reputable. We have a pretty extensive block list and a very high standard for ad platforms, so a popup like this should be detected and never be served. We'll be sure to have this blocked and reiterate this to our ad partners.

If you continue to see this, please let us know.

Thanks.
Joined Jul 2005
Toadally Irrelephant
7,592 Posts
1,187 Reputation
#4
I worked with Amazon's EC2 / cloud abuse team to submit information on this particular pop-up. Looks like they've removed or blocked the malvertising. But I'm certain it will pop up (pun intended) again and again and again . . . Annoyed

Quote from AmazonEC2 :
Hello,

Thank you for your report, we appreciate your assistance in helping to identify potentially abusive content on our networks.

We've reviewed your report and at this time, the content appears to be no longer active or available. If you have any evidence otherwise, please let us know.

Reported Content:

hxxp://s3.amazonaws.com/mybenefit/fb/

Best regards,
Amazon EC2 Abuse Team
Joined Dec 2004
L9: Master
5,755 Posts
797 Reputation
Original Poster
#5
Quote from VorlonFrog:
I worked with Amazon's EC2 / cloud abuse team to submit information on this particular pop-up. Looks like they've removed or blocked the malvertising. But I'm certain it will pop up (pun intended) again and again and again . . . Annoyed
Great news, thanks!!
#6
I had a pop-up along the same lines this morning approx 8:05AM Central. Similar link with s3.amazonaws.com. This one had SLICKDEALS.NET USER in the header with the fake Facebook comments near the bottom of the page. Also had a timer "for the deal" and an "IP address has been logged" notification on the page. Similar list of "prizes" with iPhone 6, etc.

The survey was asking for AT&T information, such as what your last bill payment was, with 3 choices. The choices were something such as over $100, under $100, I don't know. I did not give out any personal information but it is still concerning.

Sorry for the vague information, if you need the link let me know.
#7
Same happened to me today...
Last edited by JackB7421 April 2, 2016 at 09:19 AM
#8
Got the same thing today when I went to the site on my mobile phone. I guess I'll stick with the site using my PC now.

It was this url
"hxxps://s3.amazonaws.com/mybenefit/fb/mobile/us/k001/a200.html?sid=SLICKDEALS.NET#b"
Joined Jul 2014
L4: Apprentice
368 Posts
62 Reputation
Staff
#9
Hi guys - we are looking into this issue and will have it resolved soon. Thanks for reporting and sorry for the inconvenience. These kinds of ads do occasionally slip through the cracks and we will suppress them as soon as we can identify the culprit. Your info helps enormously, thanks again for your patience.
Joined Jul 2014
L4: Apprentice
368 Posts
62 Reputation
Staff
#10
Wondering if you were on the frontpage when the issue occurred, or a different section of the site. If at all possible, let me know - thanks!
#11
Quote from jeffyskate:
Wondering if you were on the frontpage when the issue occurred, or a different section of the site. If at all possible, let me know - thanks!
Hey Jeffyskate. I got the pop-up browsing the front page.
#12
Yep, FP here, too. Same happened today just a minute ago.
#13
I also just received it.
#14
https://s3.amazonaws.com/mybenefit/fb/nnc/index005.html?sid=os3

The above malicious link needs to be removed from SD's mobile advertising sponsors immediately; it is unacceptable, mods.

5 pop-ups on that link in the last 7 hours as I browsed your hot deals forum on a mobile device....ridiculous.
Joined Jul 2005
Toadally Irrelephant
7,592 Posts
1,187 Reputation
#15
hxxps://s3.amazonaws.com/mybenefit/fb

Anything containing that root website should be immediately blocked/dropped. There are TONS of bad redirects hosted there, all of them embedded in rotating advertisements. I've previously notified Amazon AWS, and they apparently haven't blocked the user/site, yet. Annoyed

It would be nice if the site admins and developers would notify Amazon AWS.
Maybe they'll listen to a major supplier of valid business?
Reply Helpful Comment? 0 0
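
One way to apply the "block anything under that root" rule from post #15 without blocking the whole shared `s3.amazonaws.com` host, as an added example (not code from the thread or from Slickdeals). The function names are hypothetical, only the global S3 endpoint seen in the thread is handled, and the virtual-hosted form `mybenefit.s3.amazonaws.com` is included as an assumption because S3 serves the same bucket under both address styles.

```python
import re
from urllib.parse import urlsplit, unquote

S3_GLOBAL = "s3.amazonaws.com"
# (bucket, key-prefix segments), taken from the URLs reported in this thread.
BLOCKED_PREFIXES = [("mybenefit", ["fb"])]

def refang(url):
    """Turn a defanged hxxp/hxxps report back into a parseable URL."""
    return re.sub(r"^hxxp", "http", url.strip().strip('"'), flags=re.IGNORECASE)

def s3_location(url):
    """Return (bucket, key_segments) for an S3 URL on the global endpoint, else None."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").lower()
    segs = [s for s in unquote(parts.path).split("/") if s]
    if host == S3_GLOBAL:               # path-style: s3.amazonaws.com/bucket/key
        return (segs[0].lower(), segs[1:]) if segs else None
    if host.endswith("." + S3_GLOBAL):  # virtual-hosted: bucket.s3.amazonaws.com/key
        return host[: -len(S3_GLOBAL) - 1], segs
    return None

def is_blocked(url):
    """True if the URL falls under a blocked bucket/prefix (whole path segments only)."""
    loc = s3_location(url)
    if loc is None:
        return False
    bucket, key = loc
    return any(bucket == b and key[: len(p)] == p for b, p in BLOCKED_PREFIXES)

# First four are the URLs quoted in the thread (defanged); the rest are constructed.
SAMPLES = [
    "hxxp://s3.amazonaws.com/mybenefit/fb/",
    '"hxxps://s3.amazonaws.com/mybenefit/fb/mobile/us/k001/a200.html?sid=SLICKDEALS.NET#b"',
    "hxxps://s3.amazonaws.com/mybenefit/fb/nnc/index005.html?sid=os3",
    "hxxps://s3.amazonaws.com/mybenefit/fb",
    "hxxps://mybenefit.s3.amazonaws.com/fb/x.html",      # constructed: virtual-hosted form
    "hxxps://s3.amazonaws.com/example-bucket/fb/a.png",  # constructed: other bucket
    "hxxps://s3.amazonaws.com/mybenefit/fbx/a.html",     # constructed: near-miss prefix
]

if __name__ == "__main__":
    for u in SAMPLES:
        print("BLOCK" if is_blocked(u) else "allow", u)
```
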