Recently, ESET researchers in South America received a message on WhatsApp stating that the app was giving away 1000 GB of internet data to celebrate its anniversary. However, it shouldn’t come as a surprise that it was a scam. What is striking right off the bat is that the URL that comes with the message is not an official WhatsApp domain. Even though businesses may sometimes run promotions through third parties, the rule of thumb is to always check the company’s website to make sure any promotion is real and valid.
If you click on the link, you are taken to a page that invites you to answer a series of questions in the form of a survey – ranging from how you found the offer to your opinion on the app. While responding to the questionnaire, the site invites you to pass along the offer to at least 30 more people in order to qualify for the big ‘reward’. Needless to say, this is merely a way to boost the campaign’s reach.
So, what are the fraudsters running this WhatsApp-themed scam looking to gain from it? Apparently their goal is click fraud – a highly prevalent monetisation scheme that relies on racking up bogus ad clicks that ultimately brings in revenue for the operators of any given campaign. Even though in this case we found no evidence that clicking the link led to the installation of malicious software or that there was any intention to phish for personal information, it doesn’t mean that this cannot change at any time.
Meanwhile, the same domain that hosts this scam is also home to many other ‘offers’, each pretending to come from a different company, including Adidas, Nestlé and Rolex, to name but a few.
At its simplest, this fraud is similar to a WhatsApp-themed scam made that made the rounds in 2017. It also promised to unlock free internet access, but in reality you would end up on sites that signed you up for premium and costly SMS services or installed third-party apps on your smartphone. And in 2018, perhaps the same fraudsters threw out ‘free Adidas shoes’ as the bait. Regardless of the tune, the end goal was invariably the same – give the scammers an easy way to line their pockets. Attacks that rely on social engineering are rampant, simply because they continue to be very effective. Con artists know full well that everybody likes to receive something for free or help others, and these are just some traits of the human condition that make us susceptible to fraud.
If we want to avoid getting caught out, we need to keep up on the scammers’ methods and watch out for red flags. In addition, if it sounds too good to be true, it probably is – sticking to that old and beautifully simple adage will go a long way toward bolstering your safety.