Book a Demo
Demo Centre

Emma Woods

If You Get This WhatsApp Message - Delete It

A new WhatsApp scam has been doing the rounds this week, with criminals using the messaging app to con victims into handing over their personal details.

Closeup of whatsapp application on iphone

If you’re a user of WhatsApp, then there’s a pretty good chance you may have received a generous £250 voucher from either Asda, Tesco or Aldi this week. There’s also a good chance you’ve realised this offer is way too good to be true - and you’d be completely right.

The phishing scam has been popping up a lot over the past few days, with people receiving fake vouchers through the app which are designed to dupe you into visiting dodgy websites that have been disguised as legitimate ones. The hope for these crooks is that you’ll then part ways with some of your personal information.

Although many of us would question this ‘generous’ offer in a heartbeat, there’s a particularly cunning feature to these fraudulent notifications - the messages themselves appear to come from trusted contacts.

The WhatsApp scam has already fooled a number of victims using this technique, whilst also encouraging people to then share the message with friends.

How does the WhatsApp scam work?

Step 1: Message Received

The WhatsApp scam works by sending a promotional voucher to people from a trusted ‘contact’, celebrating a supermarket’s anniversary. The URL that the user is encouraged to click on appears identical to the supermarket chains legitimate website - but there’s one small, crafty difference.

As you’ll see in the image below, the www.aldi.com/celebration domain contains a Latin character for the letter ‘d’, with a small dot underneath. To many, this slight change will seem like nothing more than a random smudge on their screens, proving incredibly hard to spot for unsuspecting victims.

Aldi scam.png

 

This message is a typical example of a smishing attack, used to dupe victims using SMS messaging (haven't come across smishing before? Learn more about it here).

Step 2: Click The Link

Once the victim clicks on the link, they’ll be directed to a survey. According to Action Fraud, the person is then urged to hand over their financial information.

closeup of url on a computer

Step 3: Part With Financial Information

Once the victim's financial information has been compromised, salt is further rubbed in the wound as they are then encouraged to share this scam with 20 friends in order to receive their £250 voucher. Sharing this message has given an incredibly damaging boost to the scam, as the voucher is seemingly legitimised by friends who have been duped.

Although yet to be verified, some victims have speculated that the message has been shared using their account after simply clicking the link, without submitting any details.

The scam then rather annoyingly concludes with the message: “Enjoy, and thank me later!.”

How can I avoid these types of scams?

Be wary of messages that include misspellings or grammatical mistakes, as well as ones that ask you to tap on a link, ask you to share your personal information, ask you to forward the message, ask you to click on a link to “activate” a new feature,  or claim that you have to pay to use WhatsApp.

woman drinking a cup of tea and reading a guide on her kindle

Topics: Phishing