Scam impersonates WhatsApp, offers ‘free internet’

The fraudulent campaign is hosted by a domain that is home to yet more bogus offers pretending to come from other well-known brands

Recently, ESET researchers in Latin America received a message on WhatsApp stating that the app was giving away 1000 GB of internet data to celebrate its anniversary. It shouldn’t come as much of a surprise when we say that it was a scam, but let’s look at it in greater detail.

Figure 1. The ruse

What strikes us right off the bat here is that the URL that comes with the message is not an official WhatsApp domain. Even though businesses may sometimes run promotions through third parties, the rule of thumb here is to check on the company’s website to make sure any promotion is real and valid.

Nevertheless, if you were to click on the link, you would be taken to a page that invites you to answer a series of questions in the form of a survey – ranging from how you found the offer to your opinion on the app.

Figure 2. The ‘survey’

While you would be responding to the questionnaire, the site would invite you to pass along the offer to at least 30 more people in order to qualify for the big ‘reward’. Needless to say, this is merely a way to boost the campaign’s reach.

Figure 3. The ploy designed to boost the campaign’s reach

So, what are the fraudsters running this WhatsApp-themed scam looking to gain from it? Apparently their goal here is click fraud – a highly prevalent monetization scheme that relies on racking up bogus ad clicks that ultimately bring revenues for the operators of any given campaign.

Even though in this case we found no evidence that clicking the link led to the installation of malicious software or that there was any intention to phish for personal information, it doesn’t mean that this cannot change at any time.

Meanwhile, the same domain that hosts this scam is also home to many other ‘offers’, each pretending to come from a different company, including Adidas, Nestle and Rolex, to name but a few. The number of Google-indexed sites in Figure 4 shows how the cybercriminals behind these campaigns multiply the fraudulent offers that they are launching into cyberspace.

Figure 4. A sample of more scams run by the operators of the WhatsApp-themed fraud

At its simplest, this fraud is a riff on the same motif that we wrote about in 2017, when a similar WhatsApp-themed scam made the rounds. It also promised to unlock free internet access, but in reality you would end up on sites that signed you up for premium and costly SMS services or installed third-party apps on your smartphone. And in 2018, meanwhile, perhaps the same fraudsters used ‘free Adidas shoes’ as the bait. Regardless of the tune, the end goal was invariably the same – give the scammers an easy way to line their pockets.

Attacks that rely on social engineering are rampant, simply because they continue to be very effective. Con artists know full well that everybody likes to receive something for free or help others, and these are just some of our traits that make us susceptible to fraud.

If we want to avoid getting caught out, we need to keep up on the scammers’ methods and watch out for red flags. In addition, if it sounds too good to be true, it probably is – sticking to that old and beautifully simple adage will go a long way toward bolstering your safety.

29 Jul 2019 – 11:30AM

Latest Posts