What is "Dear [ISP name] user, Congratulations!"?
"Dear [ISP name] user, Congratulations!" is a scam run on deceptive websites. This scheme is designed to trick users into believing that they have won a prize. To receive it, however, they need to provide personal information and pay certain fees. This scam is furthered through the use of visitors' Internet Service Providers (ISPs), which aids the appearance of legitimacy. Furthermore, "Dear [ISP name] user, Congratulations!" is typically displayed in the language associated with visitors' geolocations. This scam has been observed targeting French (Bouygues Telecom ISP), Chilean (VTR ISP), Hong Kong (Netvigator ISP), Italian (Fastweb ISP), South African (Telkom ISP) and a number of other regions/ISPs. Most users enter deceptive/scam sites unintentionally, since they are redirected by intrusive advertisements or Potentially Unwanted Applications (PUAs) already infiltrated into their devices.
Visitors to the website promoting the "Dear [ISP name] user, Congratulations!" scam first see a pop-up window. The phrasing can differ in some variants of this scheme, but in essence it congratulates users of a specific Internet Service Provider to have been chosen as potential prize winners. In most versions of the scam, the possible prizes are Samsung Galaxy S10 or Apple iPhone X smartphones. The background page thanks visitors for using the ISP and invites them to take a quick survey. If users answer the multi-choice survey, they can win the aforementioned prizes. There is also a countdown presented, which shows how much time remains to win the fake gifts. After the survey is completed, another web page is displayed that congratulates users for winning the prize. It mentions that the Apple iPhone X is already out of stock, however, they have won the Samsung device. "Dear [ISP name] user, Congratulations!" then displays another pop-up stating that the prize has been reserved by the ISP and lists the terms and conditions of this giveaway. The "terms and conditions" are instructions. Firstly, users are to provide their shipping and contact details in the following web page. Secondly, they must pay the shipping fee, which in most versions is 1 USD or equivalent. The text presented in this window ends with a statement that after the first steps are made - the prize will be shipped within two business days. Pressing any of the consent options (e.g. "OK" button) redirects users to another site. In this page, users are to enter their personal details and pay the shipping cost. Note that trusting "Dear [ISP name] user, Congratulations!" or similar scams will not lead to any prizes. You will experience financial loss and, possibly, privacy issues.
Redirects to deceptive/scam web pages are usually generated by intrusive ads or PUAs. Unwanted applications can force-open a wide variety of scam, rogue, compromised and even malicious sites, however, they can also possess other capabilities. PUAs can deliver intrusive advertisements (pop-ups, banners, surveys, coupons, etc.), which significantly diminish the browsing experience, cause redirects to harmful pages and stealthily download/install unwanted content. Other PUA types can modify browsers, restrict/deny access to settings and promote fake search engines. Most unwanted apps, regardless of other specifications, can track data. They record browsing activity (browsing and search engine histories) and personal information derived from it (IP addresses, geolocations and other details). This private data can then be shared with third parties (potentially, cyber criminals) seeking to profit through misusing it. In summary, while typically legitimate in appearance, PUAs can cause various system infiltration and infections, lead to serious privacy issues, financial loss and even identity theft. To ensure device/user safety, remove all dubious applications and browser extensions/plug-ins immediately upon detection.