WhatsApp Scam. Don’t Get Fooled By Phishing Links

10 / 04 / 2018

Love gifts? Of course you do. Try to name someone who doesn’t and you’ll be left scratching your head for hours. Well, as tempting as freebies might be, think twice before falling for online giveaways. Scammers can use your fear of missing out on a gift to launch phishing attacks, just like they did through WhatsApp a week ago. Read on and learn how to prevent revealing your private info to scammers.

What happened

Last Friday a new phishing attack was discovered in WhatsApp messenger, as Sophos.com reports. Some users received a message from a fake Virgin Atlantic account that claimed to grant two free tickets to every family that entered the giveaway. Sounds too good to be true, doesn’t it?

Source: nakedsecurity.sophos.com

The truth is this tempting offer was a phishing attack aimed at stealing sensitive WhatsApp user data. And you won’t believe how simple this particular phishing scam turned out to be.

How it works

First, you receive a WhatsApp link from a sender that seems to be a well-known company raffling free vacation tickets. Usually, the reason for the giveaway is some huge event, like an anniversary. To get these “free” tickets, you’ll only need to tell them your age and share their link with 20 of your friends or groups. Needless to say, the scam spread like wildfire.

Phishing attackers want you to chase a free gift and not think twice about following their instructions. Their method also gives them a quick way to steal personal data simply by asking questions as part of the entry method. Sadly, thousands of users blinded by a generous prize were happy to do that.

This time Virgin Atlantic was the fake account. Next time, it could be Best Buy or Amazon. No matter how amazing the offer seems, pause and think. How could a company generate revenue if it easily gives away its products or services to everyone? If that sounds ridiculous to you, it is. And there are a few tools you can use to spot the scam.

How to avoid being trapped with a phishing link

  1. Visit the official website. Go to the official webpage of the legitimate sender (Virgin Atlantic in the WhatsApp case) and check if they’re actually running the promotion in question. In 95% of cases they aren’t. And if they are, the gift is usually much less generous.

  2. Pay attention to the link. Scammers like to use internationalized domain names, which are encoded with so-called Punycode. This means the phishing link can start with www.xn--. That is the first sign you’d better step away from these kinds of giveaways.

  3. Take a closer look at the link. Look thoroughly at the name in the company’s URL. If it contains any non-Roman letter – bad news. For example, the WhatsApp scam link looked like this:

www.xn--viginatlantic-jm1g.com

viṛginatlantic.com

These are the encoded and the displayed form of the same link. In the first example, the “r” letter is missing, and in the second one the Roman “r” is replaced with the “ṛ” symbol. If you see this, avoid clicking such links and don’t share them with others.
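
The checks from steps 2 and 3, written out as an added example (not code from the original article): it decodes any xn-- label, lists the non-Roman letters by their Unicode names, and folds accented look-alikes back to plain letters to see which brand the link imitates. The KNOWN_BRANDS list and the function names are assumptions made for this illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: the brands this checker protects (only Virgin Atlantic is from the article).
KNOWN_BRANDS = {"virginatlantic.com"}

def decode_label(label):
    """Return the Unicode form of one DNS label; Punycode 'xn--' labels are decoded."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def skeleton(text):
    """Fold accented look-alikes to plain letters: decompose, drop combining marks."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()

def inspect_link(link):
    """Analyse a link given in encoded or displayed form; return findings."""
    # Accept bare hosts ("www.example.com") as well as full URLs.
    host = urlsplit(link if "//" in link else "//" + link).hostname or ""
    unicode_host = ".".join(decode_label(l) for l in host.split("."))
    # Every character outside ASCII, with its official Unicode name.
    odd = [(c, unicodedata.name(c, "UNKNOWN")) for c in unicode_host if ord(c) > 127]
    # Naive registrable domain: the last two labels of the folded host.
    registrable = ".".join(skeleton(unicode_host).split(".")[-2:])
    return {
        "unicode_host": unicode_host,
        "non_ascii": odd,
        # Only a host that needed folding can be an imitation of a known brand.
        "imitates": registrable if odd and registrable in KNOWN_BRANDS else None,
    }

if __name__ == "__main__":
    for sample in ("www.xn--viginatlantic-jm1g.com", "https://www.virginatlantic.com/"):
        print(sample, "->", inspect_link(sample))
```

Accent folding only catches look-alikes built from a Roman letter plus a mark, like the “ṛ” here; letters borrowed from other alphabets need a confusables table instead.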

Online scams are very popular, especially today when everyone seems like they were born with a smartphone. While phishing scams can be dangerous, knowing how to protect yourself against them can help mitigate the risk. Be careful out there and share only verified links.