
Deceptive URL mentions “Nexus”, promises iPhone 6s

With rumors floating around of Google's up-and-coming mobile product, a new Nexus 7 Android tablet that is expected to be an Apple iPad contender, the curious may start wondering and searching online. Rest assured, there are lots of destinations on the Web where one can read about this rumored tablet and more. Our only advice is to be very careful when visiting sites that may seem legitimate but are actually dodgy.

Case in point: anyone who visits google-nexus[DOT]net, a newly registered domain, is directed to this:

[Screenshot: pop-up-ptrackers]

Congratulations Google user!

You are selected by Google to be among the first few persons to win an iPhone 6s or other Google prizes! This free gift is exclusively only for loyal Google users in GB.

Please confirm that you are the owner of this computer by clicking OK.

Here’s another version of the overlay:

[Screenshot: ptrackers]

Hitting the OK button closes the overlay to reveal the first of the four questions users are supposed to answer. They are as follows:

Congratulations PlusNet Technologies Ltd User! Your computer has Won (1) Google Gift!

Every Monday we select 10 lucky Google users randomly once a day to receive a gift (Prize Guaranteed!) from PlusNet Technologies Ltd, our sponsors. This free git is exclusively ONLY for PlusNet Technologies Ltd users in GB! This is just our way to thank you for your continuous support for our product and services.

You have been selected to win a gift from PlusNet Technologies Ltd worth up to 619 if you answer the next 4 questions correctly.

ACT NOW! 9 other Google users have received this invitation with only 5 prizes to win.

Notice that this scam also mentions the UK ISP PlusNet Technologies, supposedly as an added lure for users to take the survey and “win a prize.”

After all four questions have been answered, users see the page run a series of “checks” before it shows them a list of items they're supposed to choose from; however, the first two are greyed out (they're “unavailable,” somehow), which leaves them with only one option: the iPhone 6s.

[Screenshot: congratulations]

Clicking the green “Claim(£5)” button pops up the following:

[Screenshot: ptrackers-claim]

(1) iPhone 6 worth £619 has been reserved to you by Google!

You are among the first few persons in GB to own the new iPhone 6s!

***THE RULES*** 1. Register your valid email and enter your shipping address at the next page. 2. Pay £5 (Google shipping and Handling Fees) to receive your free iPhone 6s tomorrow!

Clicking the “Okay” button finally directs users to a dead-end:

[Screenshot: eioffer]

You did not come through the appropriate click-through URL. Navigating directly to this page produces an error. To avoid this error, set a default offer for the landing page to handle this scenario.

As of this writing, google-nexus[DOT]net no longer redirects, but the survey domain is still up and running.

This is what the .net site looks like now:

[Screenshot: new-goog-nex]

The links on it make calls to quickdomainfwd[DOT]com, which has a record of red flags from various security-related sources on the Web [1][2][3][4].

Malwarebytes products already block all URLs related to this campaign.
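For defenders who want to triage lookalike domains of this kind in proxy or DNS logs, here is an added example (not from the original post and not how Malwarebytes products detect the campaign). It refangs an indicator, then flags brand keywords that appear outside brand-owned domains, optionally combined with a recent registration date. The keyword list, the allowlist, the 30-day window and all function names are assumptions.

```python
import re
from datetime import date

# Assumptions of this sketch, not taken from the article: the keyword list,
# the allowlist of brand-owned domains, and the 30-day "new domain" window.
BRAND_KEYWORDS = ("google", "nexus")
BRAND_OWNED = {"google.com", "google.co.uk"}
NEW_DOMAIN_DAYS = 30
# Forwarding host the article reports the parked page's links calling.
FLAGGED_HOSTS = {"quickdomainfwd.com"}


def refang(indicator):
    """Turn a defanged indicator such as google-nexus[DOT]net into a hostname."""
    host = re.sub(r"\[\s*(?:dot|\.)\s*\]", ".", indicator.strip(), flags=re.I)
    host = re.sub(r"^h(?:xx|tt)ps?://", "", host, flags=re.I)
    return host.split("/")[0].split(":")[0].lower().rstrip(".")


def registrable(host):
    """Naive registrable domain: last two labels, or three for co.uk-style
    suffixes. Production code should consult the Public Suffix List."""
    labels = host.split(".")
    second_level = len(labels) >= 3 and labels[-2] in {"co", "com", "org"} and len(labels[-1]) == 2
    return ".".join(labels[-3:] if second_level else labels[-2:])


def assess(indicator, registered=None, today=None):
    """Return the triage reasons for one indicator; an empty list means no signal."""
    host = refang(indicator)
    domain = registrable(host)
    reasons = []
    if domain in FLAGGED_HOSTS:
        reasons.append("flagged-forwarder")
    if domain not in BRAND_OWNED:
        # Substring match also catches run-together names like "googlenexus".
        hits = [k for k in BRAND_KEYWORDS if k in host]
        if hits:
            reasons.append("brand-keyword:" + "+".join(hits))
            if registered and ((today or date.today()) - registered).days <= NEW_DOMAIN_DAYS:
                reasons.append("newly-registered")
    return reasons


if __name__ == "__main__":
    # Constructed dates for illustration; the article gives no registration date.
    print(assess("google-nexus[DOT]net", date(2020, 1, 1), date(2020, 1, 10)))
    print(assess("nexus.google.com"), assess("quickdomainfwd[DOT]com"))
```

A keyword hit on its own is only a triage signal, since unrelated legitimate sites can contain the same words; the registration-age check is what narrows the results.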


Jovi Umawing (Thanks to Steven)
