WhatsApp's latest scam promises job openings at Cocoa Show, Havan and the Samu Mobile Emergency Service. Attracted by the proposals, which involve good salaries and no need for experience, about 55,055 victims accessed the fake link provided and shared personal information with hackers.
The information comes from the digital security company PSafe, which also warns of the strategy of cybercriminals to reproduce the visual identity of brands as closely as possible, using a practice called phishing that uses social engineering. Remember that in 2018, another attack also used a fake Cacau Show selection process and hit over 1 million people in just 24 hours.
WhatsApp Retrospective: Top 10 App Highlights of 2018
WhatsApp: New scams promise jobs Photo: Luciana Maline / TechTudo
Want to buy a cell phone, TV and other discounted products? Meet the Compare TechTudo
Total hits and shares detected for the Cocoa Show and Havan fake pages indicate 35,857 for the chocolate maker and 13,198 for the retail store chain. Both ads promised salaries of R $ 1,799 and benefits to work in different areas of the companies. However, in the case of the food company, at the conclusion of the alleged process, the victim was encouraged to share vacancies with 10 people or five groups, until "fill the bar", common practice in this type of crime.
In contact with TechTudo, Cocoa Show reinforces that it does not use WhatsApp or sends a link by email to communicate vacancies or recruit professionals. Job information is only available on official company channels on Vagas.com, Catho and LinkedIn.
Scam simulates job openings offered by chocolate company Photo: Reproduo / Psafe
In addition to reaching out to those in need of a new job, this type of specific phishing has been shared to help someone who needs to return to the job market. "Hackers are increasingly taking advantage of the high unemployment rate in the country to draw the attention of Internet users," warns Emilio Simoni, director of PSafe's dfndr lab. With personal data, the bad guys could make malicious use, which could lead to theft and even fraud involving the name of the victims.
The use of famous companies name recurring in this type of crime. In December 2018, a company like the fast food chain Burguer King suffered from a fake promotion that offered product discounts. Uber also faced a situation similar to a coup that promised a rebate of $ 300 in Plus mode races of the transport service.
Havan fake job site Photo: Reproduction / PSafe
Scam uses public service name
In the case of the false vacancies for Samu, more than 6,000 people would have been fooled by the alleged work in the public health service, according to the ESET security solutions company. "Samu is a public service and, like other services of this type, requires participation in a competition and the fulfillment of some minimum requirements so that the candidate can effectively be part of the staff," the company warns.
Message with fake job offer from Emergency Mobile Service (Samu) Photo: Reproduction / We Live Securite
The message offered pay of up to R $ 3,348.21, even to those who had no experience. By clicking on the link, the user is directed to a website developed by hackers with a fake security seal through which to enter their personal information. Next, the victim was directed to a page on which he was supposed to prove not to be a robot by manually forwarding the job to 10 contacts or groups in WhatsApp.
After fulfilling the requirement, cybercriminals promised that the person would be redirected to the site where they could send the resume. "We conducted some tests and found that the user was directed to two separate sites. Although one site allows a simple registration to be carried out, neither allows resumes to be sent, let alone display concrete information about the vacancies offered," explains one. ESET report.
To avoid being a victim of this kind of fundamental scam, the user should be aware of some characteristics of these messages. First of all, you should be suspicious of exaggerated promises, too good toasts or exorbitant salaries. It is also common for them to contain grammatical errors and requests that the content be shared with other contacts.
Those who suspect suspicious messenger practices may use a native feature to report the sender's profile. The function is available in the version of the Android and iPhone (iOS) application. In addition, it is worth checking the content prepared by TechTudo which lists six behaviors that should be avoided in WhatsApp to preserve your security. These include the lack of 2-step verification, a backup method to protect your account, and the use of WhatsApp Web on any computer.
WhatsApp offline? Trick delivers you from boring people; know how to use