A new scam is impersonating WhatsApp and using the fraudulent claim that its victims will receive “free internet,” according to ESET researchers.
“Researchers in Latin America received a message on WhatsApp stating that the app was giving away 1,000 GB of internet data to celebrate its anniversary. It shouldn’t come as much of a surprise when we say that it was a scam,” the report said and then looked at the situation in greater detail.
The URL seemed suspect to the researchers, who noted that it wasn’t an official WhatsApp domain. “Even though businesses may sometimes run promotions through third parties, the rule of thumb here is to check on the company’s website to make sure any promotion is real and valid,” researchers added.
ESET researchers said they found no evidence that clicking the link resulted in the installation of malicious software.
However, a 2017 scam with a similar modus operandi also promising free internet signed the victim up for premium and costly SMS services. It also installed third-party apps on victims’ phones.
Another scam in 2018 spread on WhatsApp offered ‘free Adidas shoes’ as the bait, using the shoemaker’s 69th anniversary as the hook.
Indeed, clicking on the link delivers the user to a survey page with the WhatsApp logo at the top. Not surprisingly, those who fall for the scam and start answering questions are then invited to share the link with 30 friends in order to be entered in the drawing to win.
“Apparently their goal here is clicked fraud a highly prevalent monetization scheme that relies on racking up bogus ad clicks that ultimately bring revenues for the operators of any given campaign,” the report said. Because it can be repurposed to perform a variety of other functions, click fraud presents many different threats.
While they found no intention of phishing for personal information in the new WhatsApp scam, the researchers warned that could change in the future.
The fake WhatsApp message domain also has offered to pretend to be from other well-known companies, such as Rolex, Adidas, and Nestle.
Such forms of social engineering are a low-cost, high-reward type of cybercrime that plays on potential victim’s inclination to free products and/or services.
“If we want to avoid getting caught out, we need to keep up on the scammers’ methods and watch out for red flags,” write the ESET researchers.
For any Cyber Security information contact firstname.lastname@example.org