How to spot Amazon Gift Card scams

What kind of scam is "Amazon Gift Card"?

"Amazon Gift Card" is a generic name for scam messages displayed by malicious websites. In most cases, users visit these sites inadvertently - they are redirected by intrusive advertisements (displayed by other dubious sites) or rogue applications.

Research shows that rogue apps often infiltrate systems without permission and, as well as causing redirects, deliver intrusive advertisements, gather private information, and run unwanted processes in the background.

"Amazon Gift Card" scam overview

There is a huge variety of "Amazon Gift Card" type scams (e.g., You Are Today's Lucky Visitor). All essentially state that the user is a lucky visitor and has the chance to win a gift card (typically equivalent to $1000) from the Amazon e-shop. To receive the card, however, users must perform various tasks.

In most cases, they are asked to complete a survey or provide registration details (personal information including email addresses, which are used to send the gift card). Some sites attempt to trick users into staying on the malicious site as long as possible (e.g., the user must wait for a countdown timer to reach zero before starting the survey).

This is done to misuse system resources and perform various tasks, such as mining cryptocurrency (typically, Monero). Malware security researcher, Lawrence Abrams, has recently discovered an "Amazon Gift Card" scam site that contains a countdown timer. To receive the gift, users must (once again) wait for the timer to reach zero.

In fact, the timer continues to reset to 59 sec - it never reaches 0. While the user is waiting, the website runs background scripts that use system resources to "watch" YouTube videos without displaying them on the screen. It is safe to assume that cyber criminals generate revenue by stealthily generating traffic/views for certain YouTube channels.

In summary, any websites that supposedly "enable" users to win Amazon gift cards are false and malicious. The associated messages are false and should be ignored.

If you have visited such a site, leave it immediately. Some malicious sites employ scripts that prevent users from closing browsing tabs/windows. In this case, close the browser via Task Manager or simply restart the computer. After rerunning the browser, never restore the previous session, otherwise you will return to the malicious site.

More about apps promoting such scams

As mentioned above, apps promoting similar scams often generate coupon, banner, pop-up, and other intrusive ads. To achieve this, developers employ various tools that enable placement of third party graphical content on any site. Therefore, displayed ads often conceal underlying website content, thereby significantly diminishing the browsing experience.

In addition, these ads can lead to malicious sites and execute scripts designed to download/install malware. Therefore, even a single click might result in high-risk computer infections. Information tracking is also an issue.

Research shows that unwanted apps often gather IP addresses, URLs visited, pages viewed, search queries, and other information that includes personal details. Once recorded, this information is shared with third parties (potentially, cyber criminals) who generate revenue by misusing private data.

This can cause serious privacy issues. Furthermore, some rogue apps misuse system resources to mine cryptocurrencies or run other unwanted processes. The presence of these programs results in a significant reduction in overall system performance. You are strongly advised to uninstall all unwanted apps immediately.

Threat Summary:

Name	"Amazon Gift Card" virus
Threat Type	Phishing, Scam, Social Engineering, Fraud
Fake Claim	Visitors have a chance to win an Amazon Gift Card or other prize
Disguise	Legitimate survey
Related Domains	getizup23[.]win, nonameroute52[.]live, retailproductzone[.]com, primextrc[.]com, amarktflow[.]com, rewardsaswesome[.]com, approvedreward[.]com, bancontact-verificatie[.]site, newcodegen[.]buzz
Detection Names (getizup23[.]win)	Forcepoint ThreatSeeker (Suspicious), Full List Of Detections (VirusTotal)
Detection Names (nonameroute52[.]live)	Avira (Malware), Dr.Web (Malicious), Fortinet (Phishing), Kaspersky (Phishing), Sophos (Phishing), Full List Of Detections (VirusTotal)
Detection Names	Forcepoint ThreatSeeker (Spam), Webroot (Malicious), Full List Of Detections (VirusTotal)
Detection Names (amarktflow[.]com)	N/A (VirusTotal)
Detection Names (rewardsaswesome[.]com)	N/A (VirusTotal)
Detection Names (approvedreward[.]com)	alphaMountain.ai (Suspicious), Full List Of Detections (VirusTotal)
Detection Names (bancontact-verificatie[.]site)	Comodo Valkyrie Verdict (Phishing), Kaspersky (Malware), Full List Of Detections (VirusTotal)
Detection Names (newcodegen[.]buzz)	N/A (VirusTotal)
Symptoms	Fake error messages, fake system warnings, pop-up errors, hoax computer scan, fake survey.
Distribution methods	Compromised websites, rogue online pop-up ads, unwanted applications.
Damage	Loss of sensitive private information, monetary loss, identity theft, possible malware infections.
Malware Removal (Windows)	To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. ▼ Download Combo Cleaner To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Similarities between rogue apps

There are hundreds of rogue programs, all of which are virtually identical. By offering a range of "useful functions" (e.g., file conversion, download performance increase, system optimization, anti-virus, etc.), these apps often trick unsuspecting users to install.

Rather than delivering any real value for regular users, however, shady apps pose a direct threat to your privacy and Internet browsing safety. The only purpose of such apps is to generate revenue for the developers.

How did unwanted programs install on my computer?

Some of these apps have official download websites, however, due to the lack of knowledge and careless behavior of many users, they often infiltrate systems without permission. Unwanted programs are often distributed using the "bundling" method, together with intrusive ads. "Bundling" is stealth installation of third party applications together with regular software/apps.

Developers hide "bundled" apps within "Custom/Advanced" settings (or other sections) of the download/installation processes. Many users rush these procedures and skip steps. In addition, they click suspicious ads/links without understanding the possible consequences. This behavior can lead to inadvertent installation of unwanted applications.

How to avoid installation of unwanted applications?

To prevent this situation, be very careful when browsing the Internet and, especially when downloading/installing software. Criminals invest many resources into intrusive ad design, thereby making them appear legitimate, however, they often redirect to dubious sites (e.g., gambling, survey, pornography, and so on).

If you encounter these redirects, immediately eliminate all dubious applications and browser plug-ins. Carefully analyze each window of the download/installation dialogs and opt-out of all additionally-included programs. The key to computer safety is caution.

Typical text presented in "Amazon Gift Card" scams:

Congratulations! Amazon.com User! You've been selected for a chance to get the $1000 Amazon Gift Card, Apple iPhone X 256G or Samsung Galaxy S8! Please click OK to claim your reward before it expires!

The appearance of "Amazon Gift Card" scam-displaying website that "watches" YouTube videos without displaying them on the screen (GIF):

Mobile variants of "Amazon Gift Card" scams:

Another variant of "Amazon Gift Card" pop-up scam:

Initial page:

Text presented within page:

Congratulations, you are today's lucky visitor!
Every day, we randomly select a user from all over the Phoenix, AZ for a chance to receive a new Amazon $1000 Gift Card!

CONGRATULATIONS!

You have 1 minutes and 52 seconds to win the spin game for a chance to receive a Amazon $1000 Gift Card!
Note: This is a limited offer, if your session ends or timer expires, you cannot take part anymore and the Amazon $1000 Gift Card will go to the next potential device

Page after "spinning the wheel":

Text presented within this page:

Over $4,000,000 in Rewards given out so far!
Privacy Policy | Terms & Conditions
Status: Available!
$1000 AMAZON GIFT CARD*
*UPON COMPLETION OF PURCHASE REQUIREMENTS. CLICK FOR DETAILS

Page used to register an account in order to "receive" the gift:

Text presented within this page:

REWARD: $1000 AMAZON GIFT CARD
Privacy Policy | Terms & Conditions

Confirm your information to finish your registration
FIRST NAME
LAST NAME
PRIMARY PHONE

Appearance of this "Amazon Gift Card" scam variant (GIF):

Another variant of Amazon Gift Card scam ("Congratulations Amazon shopper!"):

Texts presented within these pages:

Initial pop-up:

 

Congratulations Amazon shopper!
We would like to thank you for your continuing support for our services - so we are offering you a chance to receive an exclusive reward

Click "OK" to claim your special prize

Good Luck!

Spin page:

Shopper Loyalty Program 2019
Congratulations!

Every Monday we select 7 lucky Amazon shoppers to receive a special reward. Spin the wheel to claim your special prize.

 

Second pop-up:

Congratulations!
(1) $1000 Amazon Gift Card is reserved for you!

To claim your prize, click the button bellow and verify your information on the next page.

Claim Your Prize
Your prize will expire in 1:11

Yet another variant of "Amazon Gift Card" scam:

Yet another variant of "Amazon Gift Card" pop-up scam:

Text presented within:

Text in the pop-up:

 

Congratulations!
You won a 500$ Amazon Gift card!

Your Gift Card Certificate password is "777". Save it, you will need it to open your gift card.

 

Text in the background:

 

Congratulations!

Today Novembre 18, 2020 . You have been randomly selected to participate in Amazon Reward Program. It will only take a minute and you can receive a prize: Amazon 500$ Gift Card

Every Wednesday 10 lucky Facebook users are chosen to randomly receive a reward. This way we encourage people to use our products and services!

This survey is designed to improve user experience of our customers. Your free participation will certainly be rewarded!

You have only 1 Minutes 22 Seconds left to participate

Hurry up! The amount of gifts is limited!

Another example of "Amazon Gift Card" pop-up scam:

Text presented within:

Eonix Corporation‘s promotional contest as for Tuesday 26 January 2021
Dear client Eonix Corporation,
we would like to thank you for your loyalty to Eonix Corporation, therefore, we offer you a chance to get a $1000 Amazon Giftcard.

Win an Amazon Giftcard
All you have to do is choose the correct gift box

Yet another example of Amazon Gift Card-themed scam website (newcodegen[.]buzz):

Yet another website promoting the "Amazon Gift Card" pop-up scam:

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

• What is "Amazon Gift Card" virus?
• How to identify a pop-up scam?
• How do pop-up scams work?
• How to remove fake pop-ups?
• How to prevent fake pop-ups?
• What to do if you fell for a pop-up scam?

How to identify a pop-up scam?

Pop-up windows with various fake messages are a common type of lures cybercriminals use. They collect sensitive personal data, trick Internet users into calling fake tech support numbers, subscribe to useless online services, invest in shady cryptocurrency schemes, etc.

While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.

Cybercriminals strive to create their rogue pop-up windows to look trustworthy, however, scams typically have the following characteristics:

• Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
• Sense of urgency - Countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
• Statements that you won something - If you haven't participated in a lottery, online competition, etc., and you see a pop-up window stating that you won.
• Computer or mobile device scan - A pop-up window that scans your device and informs of detected issues - is undoubtedly a scam; webpages cannot perform such actions.
• Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.

Example of a pop-up scam:

How do pop-up scams work?

Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.

Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.

How to remove fake pop-ups?

In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases scam, pop-ups may be hard to close; in such cases - close your Internet browser and restart it.

In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.

How to prevent fake pop-ups?

To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.

To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for Windows.

What to do if you fell for a pop-up scam?

This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.

• If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
• If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit Federal Trade Commission to report identity theft and get personalized recovery steps.
• If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for Windows) - cyber criminals could have planted trojans, keyloggers, and other malware, don't use your computer until removing possible threats.
• Help other Internet users: report Internet scams to Federal Trade Commission.

Frequently Asked Questions (FAQ)

What is a pop-up scam?

It is a scam where a shady website displays a fake/deceptive message (or messages) to trick visitors into performing certain actions.

What is the purpose of a pop-up scam?

Scammers use pop-up scams to lure visitors into providing sensitive information, purchasing fake or unnecessary software (or paying for fake services), paying "administration" or other fees, downloading and executing malware, providing remote access to computers, etc.

Why do I encounter fake pop-ups?

Fake pop-ups are displayed on deceptive pages. These sites get opened mainly via untrustworthy advertisements and websites that use rogue advertising networks (e.g., illegal movie streaming pages and torrent sites). Also, they are promoted via notifications displayed by shady pages.

Will Combo Cleaner protect me from pop-up scams?

Combo Cleaner will detect websites designed to show fake pop-ups and restrict access to them.

▼ Show Discussion