A fake WhatsApp message offering “1000 GB free internet without WiFI” is trying to harvest users’ clicks to carry out click fraud.

Click fraud involves scammers gaming the number of views to a website where advertising revenue is determined by the number of clicks on a page.

Researchers from cybersecurity firm ESET, based in Latin America, were recently sent the Fake WhatsApp message and carried out a subsequent investigation of it.

The message purports to be giving away 1000GB of internet data to celebrate the messaging app’s 10-year anniversary, which took place in February.

Fake WhatsApp message
The fake WhatsApp message, with the domain blurred for security reasons.

In addition to the suspicious language, the URL accompanying the message is not from a WhatsApp domain.

Clicking the link takes users to a questionnaire, which asks questions such as “How did you know about our offer?”

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Users are then asked to share the questionnaire with at least 30 more people to qualify for the “free internet”. This then spreads the reach of the click fraud campaign.

Fake Whatsapp message
The fake questionnaire.

Does the fake WhatsApp message scam install malware?

ESET researchers said they found no evidence that clicking the link resulted in the installation of malicious software.

However, a 2017 scam with a similar modus operandi – also promising free internet – signed the victim up for premium and costly SMS services. It also installed third-party apps on victims’ phones.

Another scam in 2018 spread on WhatsApp offered ‘free adidas shoes’ as the bait, using the shoemaker’s 69th anniversary as the hook.

While they found no intention of phishing for personal information in the new WhatsApp scam, the researchers warned that could change in the future.

The fake WhatsApp message domain also has offers pretending to be from other well-known companies, such as Rolex, Adidas and Nestle.

Such forms of social engineering are a low-cost, high-reward type of cybercrime that plays on potential victim’s inclination to free products and/or services.

“If we want to avoid getting caught out, we need to keep up on the scammers’ methods and watch out for red flags,” write the ESET researchers.

“In addition, if it sounds too good to be true, it probably is – sticking to that old and beautifully simple adage will go a long way toward bolstering your safety.”

Read more: The WhatsApp spyware was created by a private company – and that’s a bigger concern than security flaws