The Federal Trade Commission (FTC) has cracked down on five “consent farm” networks it says were tricking US citizens into signing up for telemarketing call lists with misleading promises of gifts, special offers, or job opportunities. Bonus has determined that one of the defendants in these cases, RewardZone USA, was involved with the social casino “hack” scam we cautioned readers about last year. The same scam continues to operate, but now directs users to a variety of similar companies.
RewardZone was a co-defendant affiliated with Fluent LLC, the first of the five principal defendants named by the FTC. Fluent and its affiliates had already agreed to a settlement before the FTC made its complaint public. On July 17, the complaint and the proposed settlement simultaneously appeared on the docket of the District Court for the Southern District of Florida.
Fluent will pay $2.5 million to the FTC to settle the case. More importantly, however, it and its co-defendants have agreed to a permanent injunction which includes a lengthy list of requirements for how they do business in the future.
What are Consent Farms?
Probably anyone with a phone has received robocalls at some point. Unsolicited informational robocalls are legal, but anyone trying to sell you something with a robocall needs to get your consent first.
In principle, companies have to obtain that consent directly. For instance, if you sign up for a website, the fine print might specify that you’re agreeing to let them make sure calls for marketing purposes.
Even so, many robocallers have attempted to circumvent the law by outsourcing that consent. The FTC says that companies like Fluent were providing that service. They would tempt internet users by offering them free gifts or help finding jobs, then sell their data and “consent” to robocallers.
The crackdown on consent farms is part of Operation Stop Scam Calls. That’s a joint effort between the FTC and over 100 federal and state partners. Per the FTC, it has resulted in over 180 enforcement actions to date, including the five complaints against major consent farming networks.
The primary defendants in those cases and the location of their headquarters are:
- Fluent (New York)
- Viceroy Media Solutions (California)
- Yodel Technologies (Florida)
- Solar Xchange (Arizona)
- Hello Hello Miami (Florida)
Fluent, Viceroy and Yodel have agreed to settlements, while action against the other two is ongoing.
How Does the Sweepstakes Casino Hack Scam Work?
Bonus looked into the phenomenon of fake sweepstakes casino hacks because we saw an uptick in search traffic for terms like “chumba free sweeps hack.”
It’s important to note that hacking for free Sweeps coins is impossible, barring direct access to the company’s account servers. It certainly wouldn’t be something a user could achieve just by searching the internet. Naturally, we wondered where people were getting the idea that they could do this.
What we found was a YouTube video purporting to show someone using a site called MangoCheats to add free Sweeps coins to their Chumba Casino account. New versions of the video have since popped up, suggesting that there have been efforts to take it down, but multiple accounts re-uploading slightly altered versions of it.
The MangoCheats site is a blog-style page with posts offering supposed “cheats” for various free-to-play products. Several sweepstakes social casino brands are among these, but there are also play money casino sites with no cash prizes, and non-casino mobile games. None of these cheats actually work.
In fact, clicking the button for most of these doesn’t do anything at all. However, attempting to use the cheat for one of the sweepstakes casinos activates the scam. These are of course the most appealing bait for potential victims, because Sweeps coins can be exchanged for real money prizes. The scammers are aware that many internet users will be chasing the dream of “free money” and exploiting that fantasy.
The Connection Between RewardZone USA and MangoCheats
There’s no indication of who runs the MangoCheats site. Apparent social media links, placed on the page to lend an air of legitimacy, don’t actually connect to any social media accounts.
Bonus does not believe that Fluent or RewardZoneUSA operates MangoCheats directly. Rather, it is presumably a third party company or individual being paid to direct traffic to them.
The MangoCheats domain was registered through NameCheap, a registrar based in Phoenix, Arizona. The registrant is anonymous but gave a physical mailing address in Iceland.
A Utah-based company called Davinci Virtual rents “virtual offices” at the address for $210 per month, allowing anyone to use it as their place of business without physically being there. It explicitly mentions that the address can be used for registering a website.
When a user attempts to use the hack, they will see a progress bar and notifications that make it appear as if the plan is working and Sweeps coins are getting added to their sweepstakes casino account. However, the process “fails” at the last moment and claims that “human verification” is required.
Clicking the button to perform that supposed step leads the user to a site called AppVerification.net. This has the same registrar and Icelandic mailing address as MangoCheats.
The AppVerification site provides the user with a list of offers to sign themselves up for, supposedly to complete their “verification.” The exact options are based on the geographical location of the user’s IP address. If visiting from the UK, they lead to offers on Amazon. In Canada, to a consent farming company called RewardsFlow.
On July 19, the options offered to US visitors included a rewards site operated by RewardZone USA.
Consent Farms Keep Popping Up
Subsequent checks on July 21 and July 25 resulted in a different array of consent farm sites. RewardZone USA was no longer among them. Instead, Bonus found MangoCheats to be leading users to sites operated by these lead generation companies:
- Consumer Test Connect
- Rewards & Samples
- C4R Media Corp.
- Flatiron Media
- DLZ Offers
- National Research Rewards
There was also an enticement to install the OperaGX web browser, which led to the official Opera site, but by way of two third-party redirects.
None of these appear to be affiliated with Fluent, perhaps because of the terms of the settlement. However, it suggests that there are many more of these companies operating than the FTC has taken action against so far.
Some of these companies appear to be based in the US: Consumer Test Connect in Colorado, C4R Media Corp. in New Jersey, and Flatiron Media in & DLZ Offers in New York.
However, three of them – Consumer Test Connect, National Research Rewards, and Rewards & Samples, LLC – have their domains registered to the same address in Iceland as MangoCheats and AppVerification.net.
What Rules Did Fluent Agree to Abide By?
Although Fluent has to pay $2.5 million, the more significant part of the settlement is a set of restrictions that will prevent it and its associated companies from operating anything like a consent farm in the future.
The terms it agreed to include:
- No further sales of user data to other companies
- The obligation to destroy user data at the government’s request
- A promise not to present rewards, offers, etc. in misleading terms
- Ensuring that any third parties offering rewards through Fluent follow through on the terms of their offers
- Not sending deceptive or unsolicited emails
- Not making or facilitating robo-calls in any way
- Not making any calls to numbers on the Do Not Call registry
- Ensuring that all third-party “publishers” working with Fluent abide by the same restrictions
- Detailed recordkeeping and submitting sworn compliance reports to the FTC, under penalty of perjury for the individuals signing them
Unfortunately, the number of companies doing similar things suggests that this will be a tough problem for the FTC to eradicate entirely.
That aspect provides another parallel with the gambling industry: Companies looking to circumvent online gambling laws do so by basing the illegal portion of their business in other countries but working in conjunction with US-based organizations to promote themselves. As the FTC continues its crackdown on US-based consent farms, the bad actors will move more and more pieces of their operations offshore to stay out of reach.