Scam Alert: “Testers needed to test the Apple iPad” – testitandkeepit.com

i got an email last night sent from a client we did a website for about a year ago inviting me to become a tester for an Apple iPad.  actually, i got two emails — one sent to each of my main addresses.  The subject line of the email was “Testers needed to test the Apple iPad.” redundancy aside, i was curious — also, skeptical.  it’s a little late in the game for there to be iPad testing; usually testing (and certainly anything calling itself “beta testing”) is conducted before the device is ready to ship — the iPad already has a hard release date.  the only kind of testing that would even be feasible is some kind of user experience testing for the purposes of market research (in which case it wouldn’t matter when the product was released, but it would probably make more sense after the producer got some initial sales figures). barring someone hanging out in your home and following you around as you use the thing, something like that would almost certainly need some special software installed, and it’s been well documented and established that the only software that gets onto an iPad is — like the iPhone or iPod Touch — from the iTunes App Store.  The body of the email had this to say:

Hello [my name],

Your contact “[contact’s email address]” invited you to join our TestitandKeepit program.

At this time we are actively searching for people who will be willing to test the new Apple iPad. The testing period will take only two months, after which you may keep it as compensation.

To see more details and register to our program, follow the link below:

http://www.testitandkeepit.com/1

Thanks,

The TestitandKeepit Team

This immediately made me search for “test it and keep it ” — certainly if this was an established company, their website would be high ranked on a search for their own business name.  and, if it was a scam,  i should see some blog posts or scam reports on such.  the results?  well, i didn’t find the company, or even their website, by searching for “test it and keep it”, but i did find several posts in various different places that gave the impression that it was, in fact, a scam.  most of them, however, were not based on any hard evidence as the authors hadn’t actually gone through all the steps.  it wasn’t until i found this post on the sophos blog from earlier this month that i could see what the take was, summarized in this handy-dandy youtube video.

all of these so far, though, are referencing this as being a facebook scam, and it wasn’t an email (or invitation to join a group) from facebook that sent the invitation i received.  thus prepared, i ventured to the site.  a few things caught my attention early on:

  1. the top navigation links work, sure, but the links to “contact”, “home”, and “rss” links at the bottom of the site don’t link to anything.
  2. while there is what appears to be a newsfeed on the right side of the page, complete with number of comments, none of the “posts” actually link to anything.  neither do the comments.
  3. there is no specific evidence of this group ever conducting a test like this before, other than a mention in the non-functioning news feed
  4. although the company description freely says that they are not directly related to the product manufacturers and are an outside organization called in to select participants for product tests and report back their findings, a company as large as apple would not be very likely to hire an outside organization — especially their policy for extreme secrecy when it comes to new products.
  5. from their about page:

    Our mission is simple:
    “Make life easier for everyone.”

    We offer solutions hassle-free to companies who want their products reviewed. We select participants and we deal with all the paper work, the logistic behind selecting the participants, getting their reviews, etc… Plus we make life easier for all the people who will purchase the product in the future, because of our help, the product will be improved and fixed from its original conceptual bugs or malfunctionning.

    this is the sort of meaningless copy that people who have never been directly involved with product manufacturers or large corporations might believe.  are there companies that get hired by large organizations to test their products?  sure.  but are the primary incentives in hiring such a company a) selecting participants, b) dealing with paperwork, and c) making life easier?  no, they have staff that can handle stuff like that.  would a company like apple hire the “Test It and Keep It Team” based on their company’s description on their about page?  very unlikely.

  6. and then there’s the little matter of grammar.  most people who receive spam on a daily basis know that the easiest way to detect spam and phishing emails from their legitimate counterparts is that, more often than not, the language and grammar in the spam and phishing emails is atrociously bad, riddled with spelling and punctuation errors as well as simple sentence structure errors that any large company’s PR and marketing team would have caught before going to press.  however it’s also widely known that people don’t read, and certainly when it comes to something like this, they are more likely to skim the page. yuo konw taht eamil taht yuo gte wehre lla teh wrods aer splled wrnog and this is to prove that as long as all the letters are there, it doesn’t matter what order they come in in terms of being able to read it?  well, that just goes to show how much we can skim and not even realize we’re doing it, but anyone somewhat trained in picking out errors like this will see these things as glaringly obvious.  certainly no company trying to impress the likes of apple would let such mistakes be published on their website.

none of these things looked too promising for this little site, but out of pure curiosity, i decided to see what happens when i try to sign up.  like the facebook version, the signup is split up into 3 parts.

step 1 — submit your name and email address (interestingly, though, the name fields are labeled as “Name” and “Last Name” — usually, when first and last name are required, they are at least listed as “first name” and “last name”)

step 2 — invite all your friends.  since they can’t do this automatically directly on facebook, they’ve built in a method by which you can invite all of your friends from various different networks simply by entering your username and password!  (because i love giving out my username and password to shady companies.)  presumably this mass emails all your friends on various different networks with a message similar to what i received trying to get more people to sign up for step 3.

step 3 — complete registration.  you might think that this would be like a submit button or send you a validation key or something like that.  in fact, this button redirects you to a completely different site, online reward center (i am providing the link for reference purposes only, submit your information at your own risk).  at first glance, this looks exactly like those other sites where you go through 20 pages of offers and surveys to get a free iPod, only to come to the last 2 or 3 pages which require you to sign up for 10 different trial offers in order to receive your iPod.  no good will come of these sites — trust me, i’ve tried.  at one point in time i had heard a story of someone i knew personally who had set up a fake email address and gone through the steps and did actually get their ipod which led me to try it myself.  i chickened out at giving out my credit card number, though, so the only thing i got was spam and added onto Camel’s list for product samples and coupons.  i don’t smoke, but at some point there was an option to choose which cigarettes i preferred, marlboro or camel, and neither wasn’t an option.  as a sidenote, i googled “online reward center” too, and found several entries on the scamminess of that, too, including several questions to Yahoo! Answers to the effect of “is the free stuff you get here for real?” to which the answers were “no,” “no,” and “sometimes if you’re lucky and prepared to get a lot of spam.”

so here’s what i think: this started out as a facebook scam.  ultimately, though, it got banned from facebook from so many complaints (but not before racking up thousands upon thousands of fans).  after that, either a copycat scam popped up, or the same guys with a different catch who, rather than harvesting cell phone numbers, is getting commission on all the crap you sign up for on those survey things — a gimmick that is almost as old as the internet itself (and more than likely based on those publisher’s clearing house sweepstakes offers).

the moral here is: if it looks like a duck, acts like a duck, and quacks like a duck, it’s probably a duck, no matter how much you want that duck to be a free iPad.

also: as a further side note — i contacted the person from whom i received the email originally, including the link to the sophos post.  his response was that he recieved it but did not sign up for anything.  after doing a twitter search, it looks like possibly this scam is even more insidious than it seems, exploiting gmail contact lists to get email addresses.

Update 3-31-2010:

For anyone who’s signed up inadvertently and are interested in “what are my risks” read this from the scam warners forum.  The short response is: don’t give anyone your credit card information over the phone.

If I briefly describe the Florida holiday scam it’ll give you an idea how this can turn into a very shady business.

There are many ways used by marketing companies to collect people’s details. Many sites offer money off coupons and they insist you enter personal details including your phone number. They also have booths at country fairs, race meetings or exhibitions with entries to a free competition for a holiday (of course, there’s no holiday). They then sell these details on to a boiler room with one purpose only – to get your credit card details. They ring up telling you that you’ve won a holiday and that you just need to pay some small deposit, and it’s pressure tactics that you wouldn’t believe. They then clear your account.

It isn’t just spamming.

how windows 7 (inadvertently) helped me find a virus

so the other day, i got a notification in my systray that msdt.exe was corrupt, and possibly i should do a chkdsk to repair the problem. after seeing this crop up several times, i decided to take the message’s advice.  i stopped paying attention at some point, when i realized the chkdsk was gonna take a while, but glanced up and saw that it started “recovering orphaned files”.  if you’ve never had the pleasure of experiencing this phenomenon, it’s when the windows chkdsk says “hey, what’s that?  hmm, i’m not sure so i’m going to make it a totally unusable .chk file and name it something like, uh, found000087.chk.”  in theory, you could go through all your orphaned files and do something with them if you had any idea what they were after they’d been “recovered.”  i rolled my eyes and was just thankful that most of the original filenames (at least what was displayed on the screen) ended in .tmp.

so after it was done and booted up, i still got the message, but now i was graced with some errors from yahoo messenger and z-engine that my .net framework version 2.0 was jacked.  trying (vainly) to fix this by repairing and/or reinstalling .net 2.0 only revealed that “that is already part of your operating system.”  uh, yeah, but i want to reinstall it.  “if you want to install this program, run install.exe.”  okay, i thought that’s what i did…”i’m sorry, there is no file or folder named ‘install.exe'” etc., etc., etc.  i eventually gave up when i realized that both yahoo and z-engine were working anyway, which led me to deal with this other problem, the one with the corruption in “msdt.exe.” so i googled it, and lo and behold, it’s a trap virus.  which is weird because AVG never picked it up.  

so, currently i’m trying to deal with removing a virus that my virus scanner won’t detect which is, you know, fun.