A new WhatsApp scam has been doing the rounds this week, with criminals using the messaging app to con victims into handing over their personal details.
If you’re a user of WhatsApp, then there’s a pretty good chance you may have received a generous £250 voucher from either Asda, Tesco or Aldi this week. There’s also a good chance you’ve realised this offer is way too good to be true - and you’d be completely right.
The phishing scam has been popping up a lot over the past few days, with people receiving fake vouchers through the app which are designed to dupe you into visiting dodgy websites that have been disguised as legitimate ones. The hope for these crooks is that you’ll then part ways with some of your personal information.
Although many of us would question this ‘generous’ offer in a heartbeat, there’s a particularly cunning feature to these fraudulent notifications - the messages themselves appear to come from trusted contacts.
The WhatsApp scam has already fooled a number of victims using this technique, whilst also encouraging people to then share the message with friends.
How does the WhatsApp scam work?
Step 1: Message Received
The WhatsApp scam works by sending a promotional voucher to people from a trusted ‘contact’, celebrating a supermarket’s anniversary. The URL that the user is encouraged to click on appears identical to the supermarket chains legitimate website - but there’s one small, crafty difference.
As you’ll see in the image below, the www.aldi.com/celebration domain contains a Latin character for the letter ‘d’, with a small dot underneath. To many, this slight change will seem like nothing more than a random smudge on their screens, proving incredibly hard to spot for unsuspecting victims.
This message is a typical example of a smishing attack, used to dupe victims using SMS messaging (haven't come across smishing before? Learn more about it here).
Step 2: Click The Link
Once the victim clicks on the link, they’ll be directed to a survey. According to Action Fraud, the person is then urged to hand over their financial information.
Step 3: Part With Financial Information
Once the victim's financial information has been compromised, salt is further rubbed in the wound as they are then encouraged to share this scam with 20 friends in order to receive their £250 voucher. Sharing this message has given an incredibly damaging boost to the scam, as the voucher is seemingly legitimised by friends who have been duped.
Although yet to be verified, some victims have speculated that the message has been shared using their account after simply clicking the link, without submitting any details.
The scam then rather annoyingly concludes with the message: “Enjoy, and thank me later!.”
How can I avoid these types of scams?
Be wary of messages that include misspellings or grammatical mistakes, as well as ones that ask you to tap on a link, ask you to share your personal information, ask you to forward the message, ask you to click on a link to “activate” a new feature, or claim that you have to pay to use WhatsApp.