Although this is nothing new, it is still widely used by cybercriminals and unfortunately we see every day how many people fall for scams in WhatsApp. This kind of scam involving social engineering should be avoided through education and raising user awareness. The following screenshot shows how that function is called on certain devices:įigure 5 – Services and websites showed after the redirections These previous campaigns could be displayed on both mobile devices and desktop computers. This is an ‘update’, since previous campaigns did not have this extra line of code (see below).
If you were to try to open it from a regular computer, an error would be displayed and the app would exit. In addition, this type of campaign is only functional if viewed from a mobile browser - for instance, from a smartphone or a tablet. Thus, the attackers hope that campaign will remain undetected for longer and will only be accessed by victims who directly access the link. It is interesting to note that in this case cybercriminals added a line of code to disallow search engines like Google or Bing to index their content, using the “noindex” function. Here, the ‘only 150 coupons left’ is the social engineering technique used to try to induce the victim to click quickly, without thinking.
Once the user clicks on the link we see in the figure below, the victim is redirected to a survey containing several questions, similar to the following:įigure 1 – Survey used to divert attention If the concept of social engineering is unfamiliar to you, we discuss this in more detail below. The victims of this scam are the key players in the spread of the campaign. This is an example of social engineering, used in both marketing and cyberattacks: it is the art of inducing people to perform certain acts that they might not otherwise be inclined to perform. The text offers you a chance to receive a voucher, allegedly from Burger King, for a certain sum of money. The scam begins with an instant message in WhatsApp, which usually comes from a known contact or group. The WhatsApp scam campaign, so far, has spread in at least the following languages: English, German, Spanish, Portuguese, and Italian. In this post, we will show our readers how not to fall into these traps, and also what technical resources attackers use.
This fake survey promises a chance at a discount coupon from Burger King, but ultimately ends by signing up victims to services that were not requested. Just when it seemed that the latest round of scams via WhatsApp was coming to a close, we have discovered a new one. Just when it seemed that the recent raft of WhatsApp scams were coming to a close, we have discovered a new one.
0 kommentar(er)
