Perhaps you’re familiar with this scenario: You visit a website on your mobile device, sometimes one you’ve never been to before or sometimes even a favorite, and in a matter of seconds you’re redirected to a page that says “Congratulations!” you’ve won a prize — most commonly an Amazon gift card and/or products.
So, what gives?
What to know & what to do when you’re redirected to a fake ‘Congratulations’ page
Although you hit no buttons or input any commands other than clicking a bookmark or inputting a URL, the browser jumps to another site. When you see this, what’s happening is what’s called a “forced redirect.”
The ads typically go something like this:
“Congratulations Amazon User! You’ve been selected as a winner for the free $1000 Amazon Gift Card, Apple iPhone X 256G or Samsung Galaxy S8!”
— Winnie Jenkems (@WinnieJenkems) September 10, 2018
You’re then asked to click to claim your prize, but you really shouldn’t do that. One of the reasons why is because your device may become infected with malware.
Cybersecurity firm Symantec addressed these ads, saying that they are a leading scam on the internet.
These “You won” scammers “use localization to zero in on their targets,” the firm said in a blog post. “The malware (Android.Fakeyouwon) discovered on our users’ devices identifies device location/region using the device’s IP. Once the region is discerned, scammers can tailor different scam campaigns accordingly. These may range from generic ad library revenue generation to fake coupons or rewards programs from well-known local shopping outlets.”
How are these malware pop-ups getting on your phone? Apps.
According to Symantec, the apps you download (in conjunction with your web browser) may act as portals for these particular webpages to pop up.
“Applications hide themselves as legitimate apps in domains such as settings apps (Panel Settings), or apps that play music for free. Apps will also ask for the minimum amount of permissions, so as not to concern more discerning users on installation.”
How to stop those annoying ‘Congratulations’ gift card pages
The best way to avoid this scam, according to Symantec, is to make sure you adhere to the following guidelines:
- Make sure your device’s software is up to date
- Don’t download apps from sites that aren’t familiar to you
- Only install apps from sources you trust
- Be sure you pay attention to the permissions you’re granting your apps
- Back up your important data frequently
- Install a trusted mobile security app on your device
If you do encounter the scam, here’s what you should do:
- Click out of the ad: Close out of the webpage, but don’t click the “Close” button inside the ad itself. It’s usually just another redirect, which could install malware on your device.
- Clear your web history: On an iPhone go to Settings > Safari > Clear History and Website Data. On an Android, tap Internet > More > Settings > Privacy > Delete > Browsing history.