Phishing techniques: Contest winner scam

Introduction: Phishing is evolving via bogus online ads and webmail

Phishing scams are among the most serious and pervasive frauds operating today. One of the most used tactics is a scheme that has been around for years now: the “contest winner” fraud.

In this article, I will provide details of these scams. Contest winner scams have been adopted by phishers all over the world and can truly pose a threat if users aren’t cautious.

Strategies used in this phishing attack 

How this phishing attack unfolds: A user is browsing around the internet looking for information and lands on a legitimate site. Suddenly a pop-up appears saying something like “Congratulations User …” or “You are the chosen …” or “You are the winner of our Promotional Contest”. Many people are wise to this scam, but many more are tempted to click on the banner or pop-up.

Most of the time, good sense prevails and the user realizes this is nothing but the usual online scam, knowing that legitimate ad networks do not operate in this way. However, a less-savvy user or a child might not recognize the danger until it is too late. Those who take the bait and click on the pop-up are usually redirected to fraudulent websites and become victims of scripts that take over the user’s system and possibly download malware. 

The phishing attempt can also come in the shape of mass emails. This email might, for example, link to an online form asking for sensitive information; the email seems genuine but is connected to a spoof website.

Figure 1. “Congratulations You Are Todays Winner” Source:

The “Congratulations You Are Today’s Winner” message that is so tempting for the user is part of what is also known as the “ phishing scam. (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Daniel Brecht. Read the original post at: