A new scam on WhatsApp tries to use the proximity of the World Cup to attract more victims. A message with a malicious link, sent in the app, tries to get users to click by promising to deliver a free sticker album for the sporting event. The URL leads to a fake registration page, for the purpose of stealing sensitive information.
The phishing attack was detected by Kaspersky Lab this week. The scam has spread quickly among Brazilian users of the messaging application.
WhatsApp one of the most popular messengers in the world Photo: Anna Kellen Bull / Tech
How does WhatsApp make money? find it out
Criminal attacks that try to get users to click fake links have become increasingly common on WhatsApp. The application is one of the most popular in the world and has attracted the attention of cybercriminals. In Brazil alone there are more than 120 million registered accounts.
Since January 2018, at least four major attacks propagated within the messenger have been discovered, including fake promotions for Easter, perfume stores, snack bars and even the selection process.
New message used to attract victims Photo: Divulgao / Kaspersky Lab
The scam detected by Kaspersky Lab uses a well-known tactic using the innocence of users. A message promises to deliver the World Cup sticker album with 100 free stickers, after completing a registration. When clicking on the link, the user is redirected to a questionnaire.
Fake promotion pages Photo: Divulgao / Kaspersky Lab
After answering the questions, there is an option to share the message with your contacts. When clicking to send, the user is taken to another website that collects sensitive data, such as the phone number. With that, the victim can be registered, without consent, in paid services. In some cases, it is also taken to a page with dozens of advertisements – another way for criminals to raise money.
The World Cup takes place only in June, but there is already a flood of scams that try to fish for victims who are interested in the event. One, discovered in February, was trying to get people to sign up for their credit card to compete for a trip to Russia.
As another major event like this approaches, we will see many more hits using this theme, says Fabio Assolini, senior security analyst at Kaspersky Lab in Brazil. Bank promotions and credit cards usually ask for the full number, or the first 6 digits, to confirm that the person is eligible. Scammers use this fact to send malicious emails and also fake sponsored posts to clone victims' cards, he explains.
In January, WhatsApp started a test to prevent the spread of fake news and scams. But for now, the tool has not yet arrived for all users. Here are some quick tips to not be fooled. For more detailed information you can consult the Definitive Guide to not fall for WhatsApp, prepared by dnetc.
- Be wary of all the links that are sent to you, either by email or by messaging apps. This is true even for URLs sent by friends, especially those that use shorteners. Clicking always the best alternative
- Do not provide confidential information on forms from unknown sites
- Do not download unsolicited files
How to talk to someone on WhatsApp without adding to contacts? Find out in the dnetc forum.
Smarter WhatsApp: learn how to use automatic responses