We just identified a new wrinkle in the mobile cramming scam we discovered last June. For a quick refresher, this is a technique Black Hat affiliates use to pose as legitimate coupon sites and trick users into entering their mobile numbers – thus entering them into a “subscription” service that ends up billing them monthly.
This new scam differs in two ways. First, the ads only run on Google Mobile, and are only viewable on mobile devices. The second difference is that rather than faking the display URL, the scammer takes some visitors to a legitimate coupon site that appears to have scraped content and affiliate links from another affiliate site. Other users are sent to a splash site prompting users to enter their cell phone numbers and enlisting them in a mobile recurring billing scam.
For instance, if a Google Mobile user does a search for “office depot coupons” on their device they would end up on a page similar to the following: (the exact results page is dependent on the IP address, whether or not an affiliate is running ads, and a few other factors):
The CouponsHaven.com paid advertisement (top of page) is the ad we are focusing on. Once clicked, the user will be redirected one of two ways.
1. To a fake coupon site.
If the scammer detects anything out of the ordinary like suspicious IP addresses, Google crawlers, or monitoring software crawlers it will direct the user to the following site:
Or the non-mobile version:
This destination page looks and feels like a legitimate coupon site. However, most of the links from this site belong to Retailmenot.com (coupon site is case specific). This scammer has more likely than not copied Retailmenot.com’s site HTML and is hosting its content themselves.
This is not where the money is for the Black Hat affiliate, but rather a way to cover themselves from the real scam – which is sending users to:
2. A mobile recurring billing scam.
Now, if CouponsHaven.com does not sense anything out of the ordinary about the user, they will direct traffic to the following landing page:
Look familiar? This is identical to the mobile recurring billing scams we have been seeing for about 6 months now.
This scam appears to be targeted at the top internet retailers who get the most traffic on their brand+coupon searches. If you find that you are a target of this scam you should contact Google, as this is most certainly against their editorial policy and would most likely be taken down.
