Giveaways have always been a reliable way to stir some attention online, and malicious actors are well-aware of this phenomenon. Therefore, it’s not as surprising to learn that security researchers from ESET have discovered a scam relying on WhatsApp, offering ‘free Internet’. Upon further investigation, the researches have discovered a whole network of similar fake giveaways, whose role is to attract ad-clicks. Surprisingly enough, the fraudulent campaign is free of malware, at least for now.
As happened numerous times already, scammers are using well-known brands to run fake giveaways and lure users into signing up. Something similar had recently happened with Instagram and American Express, whose users and customers fell pretty to phishing campaigns. This time around, malicious actors have decided to use WhatsApp as a recognizable brand that could easily attract potential targets. They’ve used the fact that WhatsApp is celebrating its tenth birthday this year, so their fraudulent campaign could be easier to pass if a person would do a quick Google search.
It’s reported that users of WhatsApp have been receiving a message saying ‘WhatsApp Offers 1000GB Free Internet’ followed by a link containing additional details. The link would then open a Web page that would appear as a real giveaway with a form that users would need to fill out. A prominent countdown is there to persuade you into acting quickly. Finally, before finalizing this process, a pop-up appears asking you to share the message with 30 other WhatsApp users, which would help this campaign to quickly extend its reach.
What’s important to be mentioned is that this fraudulent WhatsApp campaign isn’t connected to any malware. And interestingly enough, there’s no phishing involved either. So, you must be asking what’s the purpose of this fake giveaway campaign? Well, according to ESET, the goal is to rack up bogus ad clicks that would bring revenue to the operators of this campaign. However, this could easily change at any moment, as implementing malware or a clever phishing scheme wouldn’t take much time or effort to produce results. And finally, it’s worth noting that the domain in question turned out to be related to numerous scams relying on worldwide popular brands.
This is yet another example of how social engineering works, helping malicious actors to easily spread their reach. As ESET reminds us, make sure to take a close look at any types of promotional messages that you receive via email or IM. Don’t just click on any links blindly, and make sure to always check out who’s sending you the message and where does it lead you. Unfortunately, WhatsApp is pretty much helpless in this case, as spreading the message about this fraudulent campaign is the only thing that can be done.
Have you received any suspicious messages on WhatsApp, related to giveaways? Have you experienced any similar problems with this platform? Make sure to let us know in the comments section below, and don’t forget to follow us on Facebook and Twitter. Thanks!