Monday, 26 February 2018

Online casinos: promising bitcoins to trap players (English translation)

(This is an English translation of a Radio-Canada article that exposes the identity of the rogue Casino Awards affiliate. Copyright 2018 CBC/Radio-Canada. All Rights Reserved.)

CBC/Radio-Canada has discovered an international network of fake news sites that attempts to make Canadians believe that they will earn hundreds of dollars by registering for an online casino. The misleading articles argue, among other things, that betting $10 is equivalent to making an investment in bitcoins, and that players are "virtually guaranteed to make at least $250".

By Jeff Yates

"Here. Finally. In Canada. You have a one-way ticket for billions of Bitcoins", announces a January 31st post on the "My Bitcoin Canada" Facebook page. In the video, we see a young woman supposedly win $1,000,000 by playing on an online casino.

The link in the post takes the user to a news article on an obscure site called "Tribune News Now". "If you are from Canada, you are about to become really rich: this Bitcoin casino is a real cash cow and Canadian residents make millions," it says.

The article states that a Quebecer named Jonathan Desormeaux has won more than 13 million dollars by betting his last $10 at this casino.

In addition, the supposed functioning of this "new online casino" is explained. "The casino takes the $10 deposit made by the players and instantly changes it into Bitcoins before reselling it for dollars. It is rumored this is how the casino makes its money; they use the players as instant investors in Bitcoin. The average player receive about $250 to $300 from his initial bet but some players gain larger amounts."

However, the article sends us to the site of a typical online casino that has nothing to do with bitcoins. The page asks the user to register and make a deposit of $10. The casino does not promise the player automatic winnings of several hundred dollars, contrary to the article. This is actually a fraudulent cost-per-action marketing (CPA) scheme.

How does CPA marketing work?

When a partner signs up for a CPA program, he earns money each time a user who has been referred does something on their website. In this case, the site owner earns a certain amount when a user who has been referred to the casino page registers and makes a deposit of $10. The fake news described above is used to lie to the user and encourage him to deposit $10 under false premises.

An international network:

In addition to the fraudulent ads targeting Canadians, we found similar fake news stories on related sites that target other countries, such as the United Kingdom, Germany, Denmark, Finland, India, Iceland, Norway, New Zealand, Russia, Sweden and Slovakia. These ads use identical tactics to try to dishonestly convince people in these countries to sign up for online gambling sites.

Other fake news articles exist to sell beauty products. One, for example, falsely claims that a young skin care business owner won a major contract on Dragon's Den. The article also contains fake quotes from celebrities, such as Jennifer Aniston and Celine Dion. Users are then invited to click on a link which supposedly allows you to buy a free sample of the aforementioned skin care product.

Radio-Canada managed to find the owners of these sites, two South Africans named Paul Domanski and Shaun Van Doorn. Their marketing company, Yazimedia, has registered no less than 126 sites in the last few years, according to a search done using DomainTools. On many of these sites, one can find the aforementioned fake news.

On one of these sites, Radio-Canada found a screenshot of what appears to be a dashboard that compares the performance of several CPA advertising campaigns. According to the screenshot, 19 different fake news campaigns appear to have generated 111,000 visits and made Yazimedia about $164,000. The fake articles targeting Canadians seem to have been visited about 20,000 times and generated an income of about $32,000. It was impossible to determine when Yazimedia got the money.

Unlike traditional ads, where the advertiser gets a fixed amount for each click or impression, CPA ads may generate varying amounts depending on the agreement with the advertiser. At the Casino Rewards group, which these advertisements promote, affiliates can choose three income options: either they earn $50 each time a customer they referred to the casino signs up, or they earn a percentage of all the money this customer loses at the casino.

A dubious practice:

When contacted, Loto-Québec insisted that the only legal games of chance in the province of Québec, whether on the Internet or in real life, are those licensed by them.

There are several scams on the Internet. When an offer seems too good to be true, one must be very careful. If you find advertisements of this type on a social media site, it is recommended to report them as soon as possible to the administrators of the website so that they can act accordingly.

Neither Yazimedia nor the Casino Rewards group, which benefits from these fraudulent advertisements, responded to Radio-Canada emails.

Casino Rewards owns some 30 online casinos and encourages Internet users to join its CPA program. On the page for affiliates, it is explained that they are not allowed to make a promotional campaign that "breaks a law, that is published on a site that violates copyright, or that could tarnish the reputation of Casino Rewards". It is not clear, however, whether or not it is permissible to lie to the audience or to use fake news in advertisements.

Sunday, 18 February 2018

Pink Diamond renames itself back to Creme

The Jennifer Aniston scam is back, and so is the product name "Creme Anti-Aging Moisturizer". I also found a version of the Sally Field scam in the "checkout" subdomain of a site that had failed to set up the redirect; that one's also gone back to Creme. AVOID THIS PRODUCT LIKE THE PLAGUE, NO MATTER HOW MANY TIMES THEY RENAME THEMSELVES.

Saturday, 10 February 2018

Joel and Victoria Osteen have NOTHING to do with BioDermRX

There is a new fake news story from the BioDermRX team. It pretends to be People Magazine, and claims that Joel and Victoria Osteen have resigned from their church and created BioDermRX. This is total bullshit, and I think I read a story on a Houston local news site where they denied it. The usual red flags (free trials, fake comments, etc. etc.) are there, as always; I have also been seeing their AdSense ads while using a USA-based VPN, making this a rare example of an international scam campaign. I couldn't link the fake news story via Archive.is because the scammers used a redirect to Google to defeat archiving services; as a consolation, here is a Pastebin link.

UPDATE: They've changed it to mention another product called "Perlelux" (which they misspelled as "Prerelux"). Still the same old.

UPDATE 2: They've changed it again, this time to advertise Creme.

UPDATE 3: Back to "Prerelux" (sic) again.

UPDATE 4: A few of their ads (and redirection sites) are still up, but the actual code that redirects you from the landing page to the fake news story has been removed.

Wednesday, 7 February 2018

Chantel St. Claire is just another name for Creme/Pink Diamond

Recently, I found another version of the Sally Field fake news story. Instead of Creme or Pink Diamond, it advertises a product called "Chantel St. Claire". (I am not linking to it, as the only difference is the name of the product.) Do not buy this product; it is the same scam as before.

UPDATE: They changed it back to Pink Diamond. Again, same old.

Wednesday, 31 January 2018

Pauley Perrette Scam 2: Crappy Edition

This is Pink Diamond's version of the Pauley Perrette scam. There are a lot of differences between this one and Essence of Argan's (besides the name of the product, of course); these include crappy formatting, bad grammar, and improperly-stretched images. The team at Pink Diamond appears to be really bad at basic HTML; this version looks half-assed compared to Argan's. The red flags are the same: "free trial" links, made-up results, and fake comments. Once again, stay away from Pink Diamond.

Sunday, 21 January 2018

Meghan Markle Scam Part 2: New Layout, Same Scam

This is a slightly different version of the Meghan Markle scam. There are multiple differences from the earlier version:

  • It doesn't pretend to be People Magazine, and instead uses a variation of the "Entertainment Today" layout.
  • The fake news story itself is based on the Kate Middleton scam instead of the Joanna Gaines scam.
  • Instead of Creme or Pink Diamond, it advertises a different product called "Derm Naturale Skin Care".
  • The fake results are replaced with additional fake celebrity endorsements.
  • There are fake comments copy-pasted from the Kate Middleton scam.

The other red flags are the same; no real news outlet would provide "free trial" offers and it's still basically the same old. Do not buy Derm Naturale, and don't believe everything you read on the Internet.

EDIT: They changed it to advertise Pink Diamond. Still the same old.

Saturday, 20 January 2018

Meghan Markle Fake News Farm (Creme/Pink Diamond): IPWHOIS Info

This is some info related to the newest CHK/Creme/Pink Diamond fake news farm: the Meghan Markle scam. They are trying to capitalize off the upcoming Royal Wedding using a fake People Magazine article. The domain WHOIS isn't accurate, so I used an IP-lookup tool on the "checkout" subdomains (used to store the fake news itself) and then used an IPWHOIS tool on the resulting IP addresses.

theterraingym.com:

inetnum         94.23.179.0 - 94.23.179.127
netname         OVH_58178988
descr           OVH
country         IE
org             ORG-AG110-RIPE
admin-c         OTC9-RIPE
tech-c          OTC9-RIPE
status          ASSIGNED PA
mnt-by          OVH-MNT
created         2014-03-27T23:06:07Z
last-modified   2014-03-27T23:06:07Z
source          RIPE

organisation    ORG-AG110-RIPE
org-name        Adboom Group
org-type        OTHER
address         750 B Street
address         San Diego, CA
mnt-ref         OVH-MNT
mnt-by          OVH-MNT
created         2014-03-21T18:34:58Z
last-modified   2017-10-30T16:27:33Z
source          RIPE # Filtered

role            OVH IE Technical Contact
address         OVH Hosting Limited
address         5 Fitzwilliam Place
address         Dublin 2
address         Ireland
admin-c         OK217-RIPE
tech-c          GM84-RIPE
nic-hdl         OTC9-RIPE
abuse-mailbox   abuse@ovh.net
mnt-by          OVH-MNT
created         2009-09-16T15:41:10Z
last-modified   2009-09-16T15:41:10Z
source          RIPE # Filtered

route           94.23.0.0/16
descr           OVH ISP
descr           Paris, France
origin          AS16276
mnt-by          OVH-MNT
created         2008-07-15T16:59:42Z
last-modified   2008-07-15T16:59:42Z
source          RIPE # Filtered

thefitbuzz.com:

inetnum         54.36.68.64 - 54.36.68.127
netname         OVH_150179966
country         FR
descr           Failover Ips
org             ORG-NE28-RIPE
admin-c         OTC2-RIPE
tech-c          OTC2-RIPE
status          LEGACY
mnt-by          OVH-MNT
created         2017-09-01T08:48:25Z
last-modified   2017-09-01T08:48:25Z
source          RIPE

organisation    ORG-NE28-RIPE
org-name        Nordyke Eric
org-type        OTHER
address         390 North Ave
address         15301 Houston
address         US
phone           +1.4122166063
mnt-ref         OVH-MNT
mnt-by          OVH-MNT
created         2016-06-29T07:16:03Z
last-modified   2017-10-30T16:50:51Z
source          RIPE # Filtered

role            OVH Technical Contact
address         OVH SAS
address         2 rue Kellermann
address         59100 Roubaix
address         France
admin-c         OK217-RIPE
tech-c          GM84-RIPE
tech-c          SL10162-RIPE
nic-hdl         OTC2-RIPE
abuse-mailbox   abuse@ovh.net
mnt-by          OVH-MNT
created         2004-01-28T17:42:29Z
last-modified   2014-09-05T10:47:15Z
source          RIPE # Filtered

route           54.36.0.0/16
origin          AS16276
mnt-by          OVH-MNT
created         2017-10-06T07:57:47Z
last-modified   2017-10-06T07:57:47Z
source          RIPE

themastermuscle.com:

inetnum         94.23.179.0 - 94.23.179.127
netname         OVH_58178988
descr           OVH
country         IE
org             ORG-AG110-RIPE
admin-c         OTC9-RIPE
tech-c          OTC9-RIPE
status          ASSIGNED PA
mnt-by          OVH-MNT
created         2014-03-27T23:06:07Z
last-modified   2014-03-27T23:06:07Z
source          RIPE

organisation    ORG-AG110-RIPE
org-name        Adboom Group
org-type        OTHER
address         750 B Street
address         San Diego, CA
mnt-ref         OVH-MNT
mnt-by          OVH-MNT
created         2014-03-21T18:34:58Z
last-modified   2017-10-30T16:27:33Z
source          RIPE # Filtered

role            OVH IE Technical Contact
address         OVH Hosting Limited
address         5 Fitzwilliam Place
address         Dublin 2
address         Ireland
admin-c         OK217-RIPE
tech-c          GM84-RIPE
nic-hdl         OTC9-RIPE
abuse-mailbox   abuse@ovh.net
mnt-by          OVH-MNT
created         2009-09-16T15:41:10Z
last-modified   2009-09-16T15:41:10Z
source          RIPE # Filtered

route           94.23.0.0/16
descr           OVH ISP
descr           Paris, France
origin          AS16276
mnt-by          OVH-MNT
created         2008-07-15T16:59:42Z
last-modified   2008-07-15T16:59:42Z
source          RIPE # Filtered

As you can see, the scammers are using OVH, a cloud hosting company that doesn't have write access to their own cloud servers, to store their fake news articles.
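
The IPWHOIS step described in this post can be scripted so that domains sharing a hosting customer fall out as one cluster. The following is an added example, not code from the original post: it parses RIPE-style records (trimmed here from the output quoted above) and groups the three domains by the `org` handle on their `inetnum` object. The function names `parse_objects`, `summarize` and `cluster_by_org` are hypothetical.

```python
from collections import defaultdict

# Records trimmed from the IPWHOIS output quoted in the post above.
REC_A = """\
inetnum         94.23.179.0 - 94.23.179.127
org             ORG-AG110-RIPE

organisation    ORG-AG110-RIPE
org-name        Adboom Group

role            OVH IE Technical Contact
abuse-mailbox   abuse@ovh.net
source          RIPE # Filtered
"""
REC_B = """\
inetnum         54.36.68.64 - 54.36.68.127
org             ORG-NE28-RIPE

organisation    ORG-NE28-RIPE
org-name        Nordyke Eric

role            OVH Technical Contact
abuse-mailbox   abuse@ovh.net
"""
RECORDS = {"theterraingym.com": REC_A, "themastermuscle.com": REC_A, "thefitbuzz.com": REC_B}

def parse_objects(text):
    objects, current = [], []
    for raw in text.splitlines() + [""]:  # trailing "" flushes the last object
        line = raw.split("#", 1)[0].strip()  # drop "# Filtered" remarks
        if line:
            key, _, value = line.partition(" ")
            current.append((key.rstrip(":"), value.strip()))
        elif current:
            objects.append(current)
            current = []
    return objects

def summarize(text):
    by_type = {obj[0][0]: dict(obj) for obj in parse_objects(text)}
    net, org, role = (by_type.get(k, {}) for k in ("inetnum", "organisation", "role"))
    return {"range": net.get("inetnum"), "org": net.get("org"),
            "org_name": org.get("org-name"), "abuse": role.get("abuse-mailbox")}

def cluster_by_org(records):
    clusters = defaultdict(list)
    for domain in sorted(records):
        clusters[summarize(records[domain])["org"]].append(domain)
    return dict(clusters)
```

Grouping on the `org` handle rather than on the IP range keeps domains together even when the same customer holds several allocations, and the `abuse` field gives the contact for a takedown report.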