WhatsApp was one of the criminals' favorite targets to try to capture information from users through virtual scams in 2018. They used fake promotions from famous brands like Burger King, O Boticrio and Cacau Show to trick people into clicking malicious links and thus be vulnerable to theft of private data. The plan was to obtain information to steal the victims and even, in some cases, apply fraud on their behalf. According to experts from digital security companies, millions of people have been affected in the past few months.
In addition to the messenger, a fake promotion promised a discount coupon of R $ 300 from Uber Plus and, according to DFNDR Lab, at least 85 thousand people were affected. Other schemes set up by hackers also used other social networking platforms like Facebook and Instagram. This was a way to diversify the attacks and reach more users, mainly through Android and iPhone (iOS) phones. Check below the list of the main scams involving WhatsApp and other web services in 2018.
How to track WhatsApp: know how to check the location of friends
WhatsApp scam involved the cosmetics brand O Boticrio Photo: Tainah Tavares / TechTudo
Want to buy cell phones, TV and other discounted products? Meet Compare TechTudo
1. Fake Burger King coupon
Burger King was the first major brand to have its name attributed to a false promotion on social networks this year. In early January, a link with a satisfaction survey on customer service promised discounts on fast food purchases if the user answered questions and shared with friends, a common use of the social engineering method. The prize would be a R $ 50 coupon on snacks. When clicking on the email address, the user's number was enrolled in paid SMS services and was induced to download fake apps that infected the cell phone.
Burger King has already been used to attract victims in a coup on WhatsApp in 2018 Photo: Divulgao / ESET
According to DFNDR Lab, PSafe's digital security lab, at least 350,000 users clicked on the fake link. Burger King confirmed that the action was a scam and reinforced that real promotions are only disclosed on its official channels, such as website and social networks, in addition to physical coupons.
2. False discount on Uber
PSafe detected a scam that uses Uber's name on fake profiles and pages Photo: Divulgao / PSafe
A fake promotion spread on websites and social networks promised a discount coupon of R $ 300 from Uber Plus, an Uber loyalty program that was not launched in Brazil. To win the prize, the user would have to fill out a form with personal and bank details, which would be stolen by criminals. According to DFNDR Lab, at least 85,000 people had access to the link and exposed themselves to infection with malicious software capable of accessing personal data.
Uber acknowledged that the promotion was a fraud and instructed users to always check if links with offers and discounts are directed to the company's official website and never share registration data a strategy to avoid falling into scams on the Internet.
3. Fake selection process at Cacau Show
With the high unemployment rate, criminals spread texts and images on WhatsApp about an alleged selection process of the chocolate company Cacau Show, for vacancies as a salesman, cleaning assistant and Young Apprentice. By clicking on the address, the victim would have to enter personal data in order to participate in the false selection. In just 24 hours, more than a million people had already accessed the malicious platform and were in danger of being stolen from hackers collecting information.
Coup on WhatsApp offers job vacancies at Cacau Show Photo: Divulgao / PSafe
Cacau Show denied the information on its official Facebook page, and explained that job opportunities are only publicized on its official channels, such as the website and social networks.
4. Promotion of O Boticrio copied by criminals
Cybercriminals imitated a real promotion created by the cosmetics company O Boticrio, in which users should refer friends to win moisturizing lotions from the Nativa SPA line. Thus, they produced a fake link containing the same information as the original offer to disclose via WhatsApp. When clicking on the scam, the user released the smartphone to receive notifications that could contain malicious links, with the danger of having their data stolen.
Fake page asked if user "would like to receive a free sample of Nativa Spa moisturizing lotion?" Photo: Divulgao / PSafe
What caught the eye in this scam was the use of "https: //" in the fake address, which gave the user the impression of accessing a secure page, as this code is one of the security indications of the pages on the web. According to PSafe, at least 140,000 people have been cheated. According to O Boticrio, the link was taken down.
Fake Easter promotion message on WhatsApp Photo: Divulgao / PSafe
In March, a period prior to Easter, a lying advertisement offered R $ 800 gift cards on WhatsApp. For this, the bandits used images of bunnies and chocolate eggs, traditional for this period of the year. Despite not being associated with any famous brand, the scam directed users to a malicious page called "Prized Easter".
As in other frauds, the victim would have to fill out a form and, without knowing it, would authorize his smartphone to receive notifications from hackers, who could access the user's bank data by cell phone. In this way, those responsible for the criminal scheme could steal amounts of money from the telephone user. According to PSafe, which discovered the trick, more than 300,000 people tried to access the link.
6. Number cloned in WhatsApp
A new type of scam hit WhatsApp in December, this time "cloning numbers" without breaking the messenger's security. Criminals bought new chips and called operators to reactivate that card's number, with the excuse of having their cell phone stolen or lost. With the line reactivated, the bandits had access to groups and contacts of the former user, and from then on, they contacted friends and family pretending to be the victim to ask for the deposit of values. The most used justifications were the purchase of household appliances or the payment of debts.
According to information from the Cear de Ciberntica de Cigerntica da Polcia Civil do Cear, more than 5,000 people have already been harmed throughout Brazil. WhatsApp recommends enabling two-step verification as a measure to prevent the scam. To the recipients, the suggestion is to call the person before carrying out any banking transaction, to confirm that the conversation is true.
About 50 thousand Brazilians were impacted on WhatsApp with an offer of tickets for Marvel's "Avengers: Infinite War" movie. According to PSafe, when clicking on the link, the user would have to fill out a form with fake questions, which always "rewarded" the victim, regardless of the answers. This was the trick used by the bad guys to capture data from users of the messaging platform.
Message about "Avengers" shows Marvel's official website, but when clicking, the user reaches the fake page Photo: Divulgao / PSafe
Disney said the promotion and the website were not valid. In addition, he stressed that all communication with Marvel's Brazilian fans takes place only through the company's official Facebook, Instagram and Twitter.
In June, a malicious message circulated through WhatsApp and took advantage of the PIS-Pasep payment to promise the worker an easy way to view the balance of the benefit. About 116,000 people were injured because of this criminal strategy. The page displayed a text with the signature of Caixa Econômica Federal and indications on the release of the amounts. As with other scams, the user would have to answer a series of questions to access the content.
Domain used in this scam had already appeared in malicious campaigns in the past Photo: Divulgao / ESET
An indication that it was a scam was the address used in the message. This one presented the domain with ending ".top"According to PSafe, the code had already been used in other previous frauds and, therefore, it served as an alert for people to just click on links that direct to the official page of the services. One of the actions to be taken to verify the sequence of elements responsible for taking the user to an online address.
Link distributed on WhatsApp deceives users and leads to mass sharing Photo: Divulgao / PSafe
A fake promotion offered R $ 70 in mobile credits in exchange for sharing the message on WhatsApp. The malicious link installed applications on the victims' smartphones and, despite not being dangerous, generated revenue for criminals with each download. Recharging, of course, was never granted. At least 26,000 users have been affected by the hackers' strategy.
PSafe said the scam was more sophisticated than the previous ones, as the page featured fake Facebook comments, in order to give more credibility to the process and encourage the victims to complete the procedure. One way to increase interaction and dissemination among users of the social messaging network.
10. Fake Ray-Ban on Instagram
Posts with a fake discount of up to 90% on Ray-Ban glasses are spread on Instagram Photo: Nicolly Vimercate / TechTudo
A fake ad spread on Instagram with the promise of offering Ray-Ban branded glasses at up to 90% off. The posts were published without authorization in the accounts of the users, who were taken by surprise. The action was possibly the result of data theft pishing, very easy passwords to be broken or even the use of malicious apps with authorization to access the social network login and password.
Ray-Ban has positioned itself to alert consumers to be suspicious of very low prices, in addition to not buying fake products in clandestine stores. The company stated that it is always necessary to check the prices of the items on the official website before making any transaction.
How to delete contacts from WhatsApp? Users respond on Frum TechTudo.
WhatsApp offline? Trick gets rid of boring people; know how to use