SecurityBrief Asia logo
Story image

Beware! New WhatsApp scam offering “free internet without Wi-Fi”

16 Jan 2017

It seems that the number of scams spreading through the messaging app WhatsApp keeps on increasing, with deceptive campaigns coming up with with novel ways of luring in victims. Today we will show you a new example of this.

This particular WhatsApp scam promises users a free internet service, without needing to use Wi-Fi. Despite being complete nonsense from a technical point of view, the offer may nevertheless appear tempting to those unaware of the realities. And it’s also selling something pretty amazing …

Imagine being able to navigate with your smartphone wherever you are, without mobile data from your carrier or a Wi-Fi network. Who wouldn’t like that while on holiday abroad? It’s like magic … because it’s not real. Clicking on this scam won’t change that.

The decoy

As usual, the message spreads via WhatsApp groups or comes from a friend who “recommends” the service – often unaware of it. In this case, you receive a special invitation with a link:

Once you click on the link, the page will detect the device’s language and show the following images, with the intention of making the scheme credible and leading the victim to share the content with at least 13 people. Thus, the scam keeps spreading:

On the bottom of the screenshot you can see some comments from people who supposedly tried the service, stating that it works. This is a ruse. Clearly these messages and the profiles associated with them are fake – they aren’t on Facebook at all, so this is all part of the fraud.

As you can see in the image below, the scam can also be seen in Spanish (you will be automatically redirected to their default language depending on their browser settings). All of this goes on without you even noticing:

This behaviour is widely used nowadays, mostly because it allows cybercriminals to create different scams using the same pattern, in order to make them credible for users in multiple countries. This way, they don’t depend on a single country or language and they can target different nationalities all at once.

What happens after you share?

Having overcome the barrier of sharing, unwary users looking for free internet end up on sites where different actions may occur, ranging from subscription to premium and costly SMS services, to installation of third party apps, always with the goal of granting an economic return to the scammer.

Unfortunately, victims will only see offers, but no trace of free internet.

Tips to avoid falling in these campaigns

We have to keep in mind that education and security solutions are still the main tools users need to be safe online. Awareness about these scams should become viral faster than the scams themselves; however, we keep seeing an alarming rate of propagation.

If you know a victim, you can help by alerting their contacts to avoid hitting sour note. In case you want to report the fraud, you can flag it in your browser as is usually done in phishing campaigns.

Article by Lucas Paus, Welivesecurity.

Story image
WatchGuard uncovers top cyber threat trends of Q4 2020
“The rise in sophisticated, evasive threat tactics last quarter and throughout 2020 showcases how vital it is to implement layered, end-to-end security protections."More
Story image
Mobile devices biggest enterprise security threat - report
Businesses have left themselves vulnerable and open to cyber criminals in the rush to ensure their workforce could operate remotely during the Covid-19 pandemic.More
Story image
Attivo Networks expands Active Directory suite for greater protection
"We see Active Directory exploitation used in the majority of ransomware, insider and advanced attacks. We are pleased to now offer our customers early and efficient solutions for preventing the misuse of Active Directory.”More
Story image
Cohesity appoints its very first CISO
In the newly created role, new appointee Brian Spanswick will focus on advancing and optimising IT and security for Cohesity and its customers, the company says.More
Story image
AvePoint brings Salesforce Cloud Backup to channel partners
The product adds to the AvePoint suite of trusted Cloud Backup for Microsoft 365 and Dynamics 365 to provide managed service providers with backup and restore capabilities across multiple, popular SaaS providers.More
Story image
Users becoming more savvy with COVID phishing scams
“With COVID-19 being around for over a year now and employees becoming more aware of the types of scams that have come out related to the pandemic, cyber criminals are having less success with related phishing attacks."More