WhatsApp's new scam has hit more than 10,000 Android and iPhone (iOS) users at a fake discount from McDonald's, the well-known fast-food chain. The victims received the message of a supposed coupon of $ 50 and, to get the offer, they had to answer a questionnaire and share the link with the contacts in the messenger. Personal data was then requested and people were directed to suspicious pages with advertisements or downloading malware-infected applications. The scam was identified by dfndr, the specialized lab of digital security company PSafe.
The strategy used by cybercriminals is based on social engineering, common on the Internet. The principle lies in the spontaneous provision of private information by users, who believe they are in a safe environment and therefore appeal to brands like Coca-Cola. As the most popular application in the world, WhatsApp becomes a target for this kind of practice. In addition, the platform sharing method, by forwarding and mailing list, can facilitate the sending of such fraudulent content. Remember that the social network has limited the forwarding function to only five contacts in order to restrict malicious maneuvers.
WhatsApp scam for PIS consultation affects over 200,000 people
WhatsApp favorite criminal app to reach many users in scams with promotions and discounts Photo: (Photo: Lucas Mendes / TechTudo)
Want to buy a cell phone, TV and other discounted products? Meet the Compare TechTudo
Similar scams are recurring in Mark Zuckerberg's instant messaging app, also responsible for Facebook and Instagram. Attempts by hackers and theft of user data led to the announcement of alleged benefits and promotions, such as the free diamonds in Free Fire Battlegrounds that had over 300,000 people hit. Another case in March this year involved cosmetics brand O Boticrio and affected more than 320,000 profiles. The company has had at least four scams on the platform that offered perfume giveaways, make-up and 100% discounts on beauty products in 2019.
In order to avoid falling into such scams, we need to check the information on other digital addresses, especially the brand's official website and social networks, where promotional campaigns are usually advertised. Another way is WhatsApp itself, which offers a native feature to report suspicious content. The measure helps developers delete the account because the messenger end-to-end encryption method prevents the interception and identification of shared content between users. The strategy is a security measure of the company.
PSafe also provides support on the dfndr lab website (https://www.psafe.com/dfndr-lab/en) to review link veracity. Avoiding sharing links without this kind of checking is also valid to protect yourself as it reduces the scope of fraud. Users also need to be wary of exaggerated discounts or promotions, which are often false and can bring financial losses.
How to talk to someone on WhatsApp without adding to contacts? Find out at TechTudo Forum.
WhatsApp offline? Trick delivers you from boring people; know how to use