A fake WhatsApp message offering “1000 GB free internet without WiFI” is trying to harvest users’ clicks to carry out click fraud.
Click fraud involves scammers gaming the number of views to a website where advertising revenue is determined by the number of clicks on a page.
Researchers from cybersecurity firm ESET, based in Latin America, were recently sent the Fake WhatsApp message and carried out a subsequent investigation of it.
The message purports to be giving away 1000GB of internet data to celebrate the messaging app’s 10-year anniversary, which took place in February.
In addition to the suspicious language, the URL accompanying the message is not from a WhatsApp domain.
Clicking the link takes users to a questionnaire, which asks questions such as “How did you know about our offer?”
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below formBy GlobalData
Users are then asked to share the questionnaire with at least 30 more people to qualify for the “free internet”. This then spreads the reach of the click fraud campaign.
Does the fake WhatsApp message scam install malware?
ESET researchers said they found no evidence that clicking the link resulted in the installation of malicious software.
However, a 2017 scam with a similar modus operandi – also promising free internet – signed the victim up for premium and costly SMS services. It also installed third-party apps on victims’ phones.
While they found no intention of phishing for personal information in the new WhatsApp scam, the researchers warned that could change in the future.
The fake WhatsApp message domain also has offers pretending to be from other well-known companies, such as Rolex, Adidas and Nestle.
Such forms of social engineering are a low-cost, high-reward type of cybercrime that plays on potential victim’s inclination to free products and/or services.
“If we want to avoid getting caught out, we need to keep up on the scammers’ methods and watch out for red flags,” write the ESET researchers.
“In addition, if it sounds too good to be true, it probably is – sticking to that old and beautifully simple adage will go a long way toward bolstering your safety.”