R&D Media Europe B.V. (Case reference: 28778)

Case Number: 28778
Published date: 21 August 2013
Year: 2013
Adjudicated Party: R&D Media Europe B.V.
Procedure Type: Emergency Procedure (Phone-Paid Services Authority)
Code Compliance Panel
Tribunal Sitting Number 131 / Case 2
Case Reference: 28778
Level 2 provider: R&D Media Europe B.V.
Type of Service: Competition - non-scratchcard
Level 1 provider: Netsize Internet Payment Exchange AB
Network operator: All Mobile Network operators
THIS CASE WAS BROUGHT AGAINST THE LEVEL 2 PROVIDER UNDER PARAGRAPH 4.5 OF THE CODE
BACKGROUND
The Level 2 provider, R&D Media Europe B.V., operated an online subscription competition quiz
service using the brand names “Zemgo Quiz” and “Zemgo Prizes” (the “Service”). The Service
operated using Payforit (“PFI”) at a cost of £4.50 per week and was promoted via affiliate marketing.
The Level 1 provider for the Service was Netsize Internet Payment Exchange AB.
The Service offered consumers the opportunity to participate in quiz competitions. Consumers were
sent a message containing a link to a quiz consisting of ten questions. Each correct answer resulted
in a separate entry into a prize draw to win prizes such as an iPhone 5. The winner was selected at
the end of the competition period (which ran from 8 February 2013 to 1 June 2013).
The Service operated from 11 February 2013 to 1 July 2013 (when it was suspended as a result of
the use of the Emergency procedure).
Serious concerns regarding the promotion of the Service were uncovered as a result of in-house
monitoring of the Service conducted by the PhonepayPlus Research and Market Intelligence Team
(“RMIT”). The monitoring revealed that affiliate marketing, which generated consumer traffic to the
Service, appeared to utilise a form of malware (ransomware) that stopped consumers’ internet
browsers working, resulting in users being unable to access a large number of popular websites,
including Facebook, Ebay and Google. Users were told that they were required to sign up to the
Service (and/or other premium rate services) in order to unblock their browsers.
Monitoring
On 24 June 2013 and prior to uncovering the ransomware promotions for the Service, the RMIT
visited the website “wifihackpassword.com” (Appendix A), which offered users a file that purported
to enable them to hack into locked wireless networks. The RMIT attempted to download the file
(Appendices B and C). The monitoring session concluded with the RMIT’s Internet Explorer
browser being blocked.
The RMIT conducted an additional monitoring session on 25 June 2013. The RMIT opened the
Internet Explorer browser and found it could not access the Google homepage as it was still
blocked from the previous monitoring session. The browser displayed a webpage that contained
the warning that the website had been blocked, and stated (Appendix B):
“This website has been blocked for you! Steps to access this website again. 1. Click the unlock
button below. 2. Pick survey to verify that you are human. 3. Complete Survey. 4. Continue
using this website.
“This website has been blocked because of your recent activity. Your actions have been marked
as a spam bot like. To visit this website again follow the instructions on the left [see numbered
point above]. This is made for security reasons.
“Information about you:
Country name: UK
City:
IP: [IP address redacted]
“Click here to unblock.”
When the RMIT clicked on the “Click here to unblock” button, a further pop-up appeared which stated
(Appendix C):
“WARNING! The content you are browsing is blocked! You must complete at least one offer to
have access to this page.”
Upon clicking on the first offer, to win an iPhone 5, the RMIT was directed to the Service landing
page (Appendix D) and followed the instructions to complete a multiple choice question
(Appendix E). The RMIT was taken to a PFI screen which required the RMIT to enter a MSISDN.
The RMIT monitoring phone received a free message containing a PIN code. The RMIT entered
the PIN on to the PFI page and clicked on “Subscribe Now”. The RMIT monitoring phone
immediately received a subscription confirmation message and another text message giving the
user the opportunity to win a £500 IKEA voucher by following a hyperlink.
On the RMIT computer screen a warning notification appeared, advising that content was blocked
and a “survey” had to be completed to gain access to the page (Appendix C). At the bottom of the
page the RMIT was notified in a pop-up that the download was complete and was given the option
of opening or saving the download. The RMIT clicked on “Open” and a notepad screen appeared,
containing a password. It is of note that throughout the monitoring session there was never an
opportunity to enter or use the password. The RMIT moved away from the tab containing the
notepad screen and back to the Service webpage, which contained a quiz with a series of ten
questions. The RMIT did not complete the questions and instead closed all tabs/windows. The
RMIT attempted to open Internet Explorer and gain access to Google but was again presented
with the page informing the RMIT that the website was blocked (Appendix B).
The RMIT noted from previous monitoring experiences that completing the “offer” resulted in it
subscribing to a premium rate service but its internet browser, which had been blocked by the
malware, was not unblocked following entry into the service.
It is of note that in order to unblock its internet browser the RMIT had to re-boot its desktop in “safe
mode” and eliminate all viruses using its existing security software. The Executive noted that it was
likely that end users without specialist IT knowledge (and unable to search for a solution on their
own computer) would require specialist assistance (potentially at a cost).
The Investigation
The Executive conducted this matter as an Emergency procedure investigation in accordance with
paragraph 4.5 of the PhonepayPlus Code of Practice (12th Edition) (the “Code”).
On 28 June 2013, the Executive notified the findings of its preliminary investigation to a member of
the Code Compliance Panel and obtained authorisation to invoke the Emergency procedure in
