July 29, 2019

Fake WhatsApp message offering “free internet” is after clicks, not bank details

By Robert Scammell

A fake WhatsApp message offering “1000 GB free internet without WiFI” is trying to harvest users’ clicks to carry out click fraud.

Click fraud involves scammers gaming the number of views to a website where advertising revenue is determined by the number of clicks on a page.

Researchers from cybersecurity firm ESET, based in Latin America, were recently sent the Fake WhatsApp message and carried out a subsequent investigation of it.

The message purports to be giving away 1000GB of internet data to celebrate the messaging app’s 10-year anniversary, which took place in February.

Fake WhatsApp message

The fake WhatsApp message, with the domain blurred for security reasons.

In addition to the suspicious language, the URL accompanying the message is not from a WhatsApp domain.

Clicking the link takes users to a questionnaire, which asks questions such as “How did you know about our offer?”

Users are then asked to share the questionnaire with at least 30 more people to qualify for the “free internet”. This then spreads the reach of the click fraud campaign.

Fake Whatsapp message

The fake questionnaire.

Does the fake WhatsApp message scam install malware?

ESET researchers said they found no evidence that clicking the link resulted in the installation of malicious software.

However, a 2017 scam with a similar modus operandi – also promising free internet – signed the victim up for premium and costly SMS services. It also installed third-party apps on victims’ phones.

Another scam in 2018 spread on WhatsApp offered ‘free Adidas shoes’ as the bait, using the shoemaker’s 69th anniversary as the hook.

While they found no intention of phishing for personal information in the new WhatsApp scam, the researchers warned that could change in the future.

The fake WhatsApp message domain also has offers pretending to be from other well-known companies, such as Rolex, Adidas and Nestle.

Such forms of social engineering are a low-cost, high-reward type of cybercrime that plays on potential victim’s inclination to free products and/or services.

“If we want to avoid getting caught out, we need to keep up on the scammers’ methods and watch out for red flags,” write the ESET researchers.

“In addition, if it sounds too good to be true, it probably is – sticking to that old and beautifully simple adage will go a long way toward bolstering your safety.”

Read more: The WhatsApp spyware was created by a private company – and that’s a bigger concern than security flaws