Green Whale Holding Ltd (Case reference: 28903)
| Case Number | 28903 |
| Published date | 31 October 2013 |
| Year | 2013 |
| Adjudicated Party | Green Whale Holding Ltd |
| Procedure Type | Emergency Procedure (Phone-Paid Services Authority) |
Code Compliance Panel
Tribunal Decision
1
Tribunal Sitting Number 136 / Case 1
Case Reference: 28903
Level 2 provider: Greenwhale Holding Ltd, Anguilla
Type of Service: Competition and mobile content (subscription)
Level 1 provider: Globway B.V and Oxygen8 Communications Limited
Network operator: All Mobile Network operators
THIS CASE WAS BROUGHT AGAINST THE LEVEL 2 PROVIDER UNDER PARAGRAPH 4.5 OF
THE CODE
BACKGROUND
The Level 2 provider, Greenwhale Holding Ltd, operated an online subscription mobile content and
competition service, using the brand name “Brickoffers” (the “Service”). The Service operated on the
premium rate shortcode 82070 at a cost of £4.50 per week (three messages per week at £1.50 each)
and was promoted via affiliate marketers. The Level 1 provider for the Service was Globway B.V. and
Oxygen8 Communications Limited.
The Service offered consumers the opportunity to receive mobile downloads described as “funtones”
and the opportunity to enter a prize draw to win an iPad. The winner of the iPad was due to be selected
at the end of the competition period (which ran from 1 June 2013 to 1 December 2013).
The Service operated from 19 June 2013 to 9 July 2013 (when it was suspended as a result of the use
of the Emergency procedure).
Serious concerns regarding the promotion of the Service were uncovered as a result of in-house
monitoring of the Service conducted by the PhonepayPlus Research and Market Intelligence Team
(“RMIT”). The monitoring revealed that affiliate marketing, which generated consumer traffic to the
Service, appeared to utilise a form of malware (ransomware) that stopped consumers’ internet
browsers working, resulting in users being unable to access a large number of popular websites,
including Google. Users were told that they were required to sign up to the Service (and/or other
premium rate services) in order to unblock their browsers.
In addition, the Executive had concerns regarding the visibility of key terms. PhonepayPlus received
one complaint regarding the Service. The complaint did not concern the ransomware promotion.
Monitoring
On 28 June 2013, the RMIT visited the website “wifihackpassword.com” (Appendix A), which offered
users software that purported to enable them to hack into locked Wi-Fi networks. The RMIT clicked on
a button marked “Download Now!” which resulted in the software being downloaded. The RMIT opened
the file. A dialogue box instantly appeared and offered a seemingly essential update which the RMIT
declined. A further dialogue box appeared that stated:
“Error! Too old version! Update please!”
The only option was to click “OK”. The RMIT noted from previous monitoring experiences that
accepting the upgrade led to a premium rate service and upon completion a password was unlocked
which had no function and no upgrade took place. The RMIT’s internet browser was blocked by
malware contained in the download and was not unblocked following entry into the subscription
Service.
Code Compliance Panel
Tribunal Decision
2
The RMIT conducted an additional monitoring session on 3 July 2013. The RMIT opened the Internet
Explorer browser and found it could not access the Google homepage as it was still blocked from the
previous monitoring session (Appendix B). The browser displayed a webpage that contained a
warning that stated:
“This website has been blocked for you! Steps to access this website again. 1. Click the unlock
button below. 2. Pick survey to verify that you are human. 3. Complete Survey. 4. Continue using
this website.
“This website has been blocked because of your recent activity. Your actions have been marked as
a spam bot like. To visit this website again follow the instructions on the left [see numbered point
above]. This is made for security reasons.
“Information about you:
Country name: UK
City:
IP: [IP address redacted]
“Click here to unblock.”
In exactly the same manner as the previous monitoring sessions, the RMIT clicked on the “Click here to
unlock” button, a further pop-up appeared which stated (Appendix C):
“WARNING! The content you are browsing is blocked! You must complete at least one offer to have
access to this page.”
The RMIT selected an option that stated, “Mobile Content, Prizes, Downloads, Coupons & More!” The
RMIT was directed to a webpage which purported to be the Service landing page which opened in a
new browser window (Appendix D).
The RMIT followed the instructions contained on the landing page (http://funloadia.com) (Appendix D)
and answered one quiz question. The RMIT was directed to enter its MSISDN and click “Continue”.
The next screen prompted the RMIT to send the keyword “READY” to the shortcode 82070 to opt-in to
the Service (no pricing information was included in the message) (Appendix E). The RMIT monitoring
phone received a free text message, again prompting the RMIT to send the trigger keyword to the
premium rate shortcode. Upon doing this, the RMIT received subscription confirmation messages that
confirmed the RMIT had successfully opted-in to the Service.
The RMIT waited for the original password file that had been downloaded to become unlocked on the
blocked browser tab, however this did not occur. The RMIT viewed the following statement:
“WARNING! The content you are browsing is blocked! You must complete at least one offer to have
access to this page…We are waiting for you to complete your survey. When you have completed
the survey, please check back here to see if the content is unlocked. If you have spent more than 5
minutes on this survey and this page is still locked, please try a different survey…Not yet complete”
The RMIT eventually closed all the browser windows that had been opened during the monitoring
session and opened a new Internet Explorer window. The browser displayed the same webpage
notifying the browser was blocked (Appendix B).
The RMIT selected the “unblock” button and was led back to the “Warning” pop-up page that directed
the user to complete an “offer” to unblock the browser (Appendix C). The RMIT finished the monitoring
the session.
To continue reading
Request your trial