On 3rd Nov 2013 evening while I was logging into my account in Rogers.com I got a msg asking me whether I am interested in participating in a Rogers survey. I was informed that if I participate in the survey I will be eligible for a $50 gift. I agreed for the survey and participated in it. They asked few questions online. Like how often do you visit rogers.com, whether you use rogers at home or office etc.At the end of the survey I was told that I am eligible for a $50 gift and asked me to select one of the gifts from a link given.I went into that link.It was a third party site(bidou.ca) and there was 3 products displayed there.I selected one(ipod).Then it took me to another page where the price of the ipod was given as $0 and shipping charges was $3.I didnt want to give my credit card details to a strange site.So I hesitated in the beginning but since that offer I got when I was in Rogers site made me confident to give my credit card details.They just asked only for $3 and for that I will get an ipod worth $50.So I felt good.
During the transaction my bank(td bank) confirmed from me that its a authorized transaction.I gave permission to the bank to pay $3 for shipping.Every thing went fine till then.They deducted $3 from my account and told I will get my ipod in 2-3 weeks.But next day there was a $49.99 deduction from my account.At first I thought it the price of the ipod I purchased.But later when I checked my mail I understood that its a 1 month membership fee for their website.I never applied for any membership.With out my permission they added me as a member and deducted $49.99 from my account.They will deduct it every month if I dont cancel it.The phone number given in the website is UK number so I cannot call them.I send them mail asking them to cancel my membership and refund the money.But I got a auto generated reply that they will reply with in 24 hours.But nobody contacted me.I contacted my bank to stop anymore payments to that company but they are telling they cannot stop that and I have to change my credit card.I am so upset.I gave my credit card details only because I was asked from Rogers site.I never thought from rogers site such a scam will come.I contacted Rogers customer service but didnt get any proper response. According to the guy Rogers didnt do any that kind of survey so rogers is not responsible.I dont think so.If I got the link from some random web page then its my responsibility to make sure its from Rogers.But if its came from Rogers.com then its their reponsibility.I will never participate in any more rogers survey.If rogers didnt do that survey then how come a third party was able to pretend as Rogers when somebody log in to rogers.com. Either they hacked Rogers.com or some one helped them to create a link in rogers.com. Any way I lost my money.I don't think I will get it back. I wish no one else will be cheated like me. Hope Rogers will do necessary action against the company who used Rogers name for trapping people.Or Rogers good will will be affecetd.Rogers is equally responsible because this fraud happened through their website.
Solved! Solved! Go to Solution.
99% of the time, the redirect is from Rogers mail. However, back when I was having the problem many times a day, it did it twice from other sites (one was the New York Times and one was a Mac help forum of some kind). Now, I may have gone to Rogers mail before I went to the other site... so I guess it could have still come from rogers mail somehow.
Fred thx for the tip about the (i) Show Site Info beside the main Yahoo URL, didn't know about that. So I went there and started shutting down the options, and the hacks started immediately ... the fake survey, the fake PC Windows Keeper repair, and a new 247 VIDS supposedly competing with Netflix. The hacks kept going after shutting down the options. I think the hack site URL was Promotion Brand.
Here's something interesting, I have an old XP computer in the basement running off a wireless dongle, and I can surf on it, do email, any sites, and never get the hacks.
Jay, interesting you're not on Rogers or Yahoo email and still get hacked, what sites had the hack?
Same thing happened to me again, so this time I called Rogers support, they were excellent! I must have some additional service level as part of my Rogers combo package. I watched while the tech took control of my computer. Turns out this is malware/adware, and I saw them being uncovered and deleted. They even had a Yahoo name on some of them. I saw which tools were used for this and they are all public domain anyway. Use "Adw Cleaner" (owned by Malwarebytes and its a free download) and do the scan. This will clean up the malware. Next thing is to stop it happening again, install Adblock Plus as an ad blocker for Firefox, and also for MS IE, again free downloads specific to each browser. Also remove any suspicious cookies. So far so good, and its been a few hours.
I don't trust AdBlock Plus. If you look under their permissions... you are basically giving them permission to access all your personal data... including passwords.
Jay, interesting you're not on Rogers or Yahoo email and still get hacked, what sites had the hack?
Maybe I worded it poorly. I don't use Rogers e-mail or Yahoo e-mail. I was on the Yahoo.ca main page when the latest survey pop ups occurred.
As an added bonus, today the pop-up has audio. A cheerful voice telling me how I have been chosen to do the survey. I closed my browser before the cheerful voice had a chance to leave more detail.
I also got the audio but no "survey" problems for 2 days now! Interesting new problem though, here is what I got from a bank I was trying to send an email to "Your access to this mail system has been rejected due to the sending MTA's poor reputation". Yahoo is now so bad that this bank rejects my Roger Yahoo emails! No problem using Gmail as a sub, and no problems with sending to anybody else, so far.
Understand about Adblock Plus permissions, but it is still highly rated by CNET and the strategy will be to let the dust settle, then disable it and see if problems reappear.
I'm back from the boonies .... Fred are you still here? ... have you had any more hacks since using Adw Cleaner? Lyn can you update us on your progress. I found the quickest way to check if the hack was still around was to click the little (i) "show site info" beside the yahoo URL on the Yahoo main page to open setting choices. There are a lot of lurkers here, many more views than posters, can anyone else offer any progress?
Thx guys, well after being shut down for the week I was away I went on Yahoo and clicked the "show site info" icon several times which has always brought up the hack, and surfed the site for a while too, and no hack. I'm hesitant to use Adw because it might think my VPN is bad, and I don't want to have to redo it if it gets deleted. When Adw shows me what it wants to delete I might not be able to recognize file names from my VPN if they have strange names. Fred do you have a VPN running?
No more hacks today on Yahoo or Yahoo email. Jay I wondered the same thing, if this fake survey and “free” gifts resulting in the huge credit card charges people have reported have a built-in time limit when the hackers shut down their order center and move on to another scam, based on their estimate of how long it takes for the word to get around Rogers users that it’s a scam and the scammers won’t be getting enough suckers to warrant keeping the operation going. The original fake survey in this thread is from 2013, and is similar but not exactly the same as the current scam, shipping was $3, originating in the UK, with a surprise $49.95 monthly recurring charge on the victim’s credit card for some site membership, whereas shipping is now 4.95, don’t recall if it originates in the UK, or what the upcharges are.
I’m waiting for tech support from my VPN to get back to me with the word on whether Adw Cleaner will mess with it. All the files in my VPN are clearly named so it looks like I can uncheck them for deletion in the Adw window, so I expect they will give me the go-ahead, and then I think I’ll do it. I really don't want to leave malware on the hard drive, especially using it for banking and credit card work.
My VPN tech said go ahead and use AdwCleaner from Malwarebytes, so i got it and ran it, and it didn't want to delete my VPN, but it wanted to delete 2 folders, Amazon1BurttonApp and the Pokki folder, which comes on most Acer computers to provide rich HTMLS apps, and is a company partnered with Acer, probably nothing bad there. But I had Adw delete them both. Adw also listed 20 some root registry keys for deletion, like HKU, HKCU, HKLM, so I let it delete them too. Adw re-booted the CPU, everything worked fine, so I went to Yahoo.ca, and clicked on the (i) icon ("show more info") beside the Yahoo URL, which usually triggers the hacks, and sure enough, back it came. This time just the fake Windows repair screen, no fake survey. Browser history shows it went to 3 sites, Reimage Repair, s0u.jerb.gdn/ plus a bunch of letters and numbers, and Voluumtrk.horizon-trading.com. There are the same ones that always came before. These hacks only happen on the Yahoo website, never anywhere else, same as others have reported. Lyn just avoids that site now, with no further hacks. Someone's bank told them it won't do any transactions coming from Yahoo b/c of "problems". Who knows if the hack is also recording keystrokes or passwords, not secure for banking or credit card work. I wonder about using Firefox's Block Site addon so the sites can't pop up, might try that, don't have it yet. IE has a similar one. Has anyone tried that?
So it looks like the scam web sites that pop up are not an infection on our hard drives, since Lyn wiped hers twice and it still happened, but they are hacks on Yahoo related sites: Rogers/Yahoo, Yahoo.ca, and Yahoo.com. The hacks never come up on other sites. If I avoid those Yahoo sites I’ve got to use a different email, kind of a nuisance. So I’m trying a site blocker to see if that works, as an add-on to Firefox. IE has them too. Three do not have great user reviews, BlockSite, Block Site (with a space), and BlockSite Plus. But LeechBlock has good reviews, so I picked it, and I’ve loaded all the scam sites on it to be blocked, the fake survey with surprise upcharges to the free gift shipping, the fake Windows Repair, the “other” Netflix scam deal, and just lately a fake browser survey, didn’t wait for the offer, probably a “free” gift with upcharges. These are the sites I’ve blocked, and it’s working so far: Reimage Repair, ReimagePlus.com, Voluumtrk.horizon-trading.com, s0u.jerb.gdn, rsnzz.isolate.kopx.gdn, ehtzz.isolate.kpx.gdn, bandretail.com, wayretail.com, retailnatural.com, and cutefeedback.com. These are sites you cannot back-arrow out of, you have to close your browser. I supposed the hackers could have many more of these, and I could be loading new sites on for a while. Leechblock’s interface is easy to use, and explains the use of wildcards to nail any similar URL to the one you entered. You can access it through the Firefox add-on menu. By blocking the sites I don’t think the hackers can grab keystrokes, passwords, or bank numbers. If this works I’ll even donate to LeechBlock. In a few days I’ll post how it’s working.
I’ve found the quickest way to see if the hacks pop up is to go to Yahoo.ca and click on the (i) icon to the left of the Yahoo URL (“show site info”), and start changing your preferences (choosing blocking features there does not work). If you mess around with that icon for a few minutes the hacks pop up quite often.
1. I’ve got to use a different email, kind of a nuisance.
2. These are sites you cannot back-arrow out of, you have to close your browser.
1. You don't need to use a different e-mail if the hack doesn't affect the Webmail site itself. For example, I only saw the hack when on the Yahoo Canada website and I have not seen it recently. For the past few weeks, I was avoiding the Yahoo Canada (and other Yahoo) sites, I have gone to Yahoo sites on purpose recently and not seen the hack, as mentioned by others here. I'm assuming the hack's behaviour has recently changed. You can bookmark the URL that comes up after you click on the "mail" icon within Yahoo. That way you can go directly to the login page for your Webmail and not visit the Yahoo sites if you're still affected there.
2. Although you can't "back out", you don't need to close the browser, you can utilize any bookmark within your browser to go to another web-page.
Edit - I even tried clicking the "i" icon and didn't get hacked. I'm using FF54.0.1 on my Mac Mini. Perhaps the latest Firefox browser fixed the issue? Or the hack changed as mentioned by others?
Of course none of this helps if you actually get hacked within Webmail. Make sure you've only got one browser window/tab open when in Webmail, otherwise the hack could affect you from another window/tab if you have Yahoo open in that other window/tab.
Hi 57 ... a couple weeks ago I got hacked a few times in the middle of composing an email on Yahoo mail, I think it was the fake survey that popped up, and also the fake Windows repair, but since then only on the main Yahoo page that comes up after you exit the email page. That's why I was considering dumping Yahoo email.
I'll get on Yahoo tomorrow and see if I can get the hacks to pop up with LeechBlock working.
Lyn good idea, I think I'll reroute my Yahoo mail, probably through GMail, and never visit Rogers/Yahoo, Yahoo.ca, or Yahoo.com again. Tonight I went to Yahoo.ca and clicked the (i) icon beside the Yahoo URL, with LeechBlock in place, and sure enough, I got 3 hack redirect sites again ... Reimage Repair, s0u.jerb.gdn/xxx and voluumtrk.horizon-trading.com, all visible in Bookmarks history. The first one was the fake Windows repair site. I might ask the Leechblock developer if I'm entering these sites correctly to be blocked, it has different uses of the wildcard feature so you don't have to enter the whole URL, not sure if I got them right. But if you grab the whole URL there is a window to enter them too. Don't know if it's worth the effort, just as easy to kiss the Yahoo/Rogers sites goodbye. But it would be nice to beat the hackers.
Update on LeechBlock, a Firefox add-on that blocks sites from loading, I had to clean up my LeechBlock settings, I had entries in both the domain box and the URL box, not supposed to put them in the URL box if you have them in the domain box. So all the hack sites posted earlier are now in the domain box, and I went on Yahoo.ca and tried to get the hacks to pop up by clicking the (i) icon beside the Yahoo URL, messing around with the options choices like security, media, etc, which always triggers the hack sites, and after doing that for a while never got a hack. I think I got a few flashes as if a site started to loan for a nano-second and then was gone, not sure. Anyway if LeechBlock still works after a few days I don't know if I'll bother routing Rogers/Yahoo email through GMail, and I'll probably even donate to LeechBlock, nice to find add-ons that work properly.