2018.1 Update: We guessed the reason quite a while ago, and now there’s finally news discussing about it: https://www.fastcompany.com/40516897/a-new-wave-of-bad-ads-is-hijacking-even-top-tier-websites & https://blog.confiant.com/uncovering-2017s-largest-malvertising-operation-b84cd38d6b85 . These phishing scam ads appeared because ad networks are hijacked. As a result, not only us, big websites like New York Times also showed these phishing scam ads. So the problem is finally solved, by ad networks. Hope they can control the ad quality better!
It has been reported recently that when visiting our mobile sites (including App) as well as some other websites (e.g. doctor of credit), there is a small chance that you will see a pop up phishing scam like “Your iPhone is infected” or “Click to win a gift”. Here are some examples:
This is a Phishing Scam, do NOT enter your personal information!
Here are some information about this scam:
- We are not sure exactly how many websites are affected except our site and DoC, but we are pretty sure there are a lot (especially blogs). Be careful when you are using your cell phones.
- We don’t know yet where and how the malicious scripts are injected. It’s probably in some blog-related third-party services or platforms like WordPress or some WordPress plugins.
- The scam is only reported on mobile sites for now.
- The scam is only reported on iPhone for now. Welcome for Android data points.
It is very hard to locate the source of the scam since the chance it will show up is very small. Plus, once it shows up, you won’t see it on the same device for a long period. We don’t know where is the problem and how to fix it yet.
We are actively working on identifying the source of the scam. We really appreciate any suggestions or professional knowledge, as well as data points of the scam.