Story image

Beware! New WhatsApp scam offering “free internet without Wi-Fi”

16 Jan 17

It seems that the number of scams spreading through the messaging app WhatsApp keeps on increasing, with deceptive campaigns coming up with with novel ways of luring in victims. Today we will show you a new example of this.

This particular WhatsApp scam promises users a free internet service, without needing to use Wi-Fi. Despite being complete nonsense from a technical point of view, the offer may nevertheless appear tempting to those unaware of the realities. And it’s also selling something pretty amazing …

Imagine being able to navigate with your smartphone wherever you are, without mobile data from your carrier or a Wi-Fi network. Who wouldn’t like that while on holiday abroad? It’s like magic … because it’s not real. Clicking on this scam won’t change that.

The decoy

As usual, the message spreads via WhatsApp groups or comes from a friend who “recommends” the service – often unaware of it. In this case, you receive a special invitation with a link:

Once you click on the link, the page will detect the device’s language and show the following images, with the intention of making the scheme credible and leading the victim to share the content with at least 13 people. Thus, the scam keeps spreading:

On the bottom of the screenshot you can see some comments from people who supposedly tried the service, stating that it works. This is a ruse. Clearly these messages and the profiles associated with them are fake – they aren’t on Facebook at all, so this is all part of the fraud.

As you can see in the image below, the scam can also be seen in Spanish (you will be automatically redirected to their default language depending on their browser settings). All of this goes on without you even noticing:

This behaviour is widely used nowadays, mostly because it allows cybercriminals to create different scams using the same pattern, in order to make them credible for users in multiple countries. This way, they don’t depend on a single country or language and they can target different nationalities all at once.

What happens after you share?

Having overcome the barrier of sharing, unwary users looking for free internet end up on sites where different actions may occur, ranging from subscription to premium and costly SMS services, to installation of third party apps, always with the goal of granting an economic return to the scammer.

Unfortunately, victims will only see offers, but no trace of free internet.

Tips to avoid falling in these campaigns

We have to keep in mind that education and security solutions are still the main tools users need to be safe online. Awareness about these scams should become viral faster than the scams themselves; however, we keep seeing an alarming rate of propagation.

If you know a victim, you can help by alerting their contacts to avoid hitting sour note. In case you want to report the fraud, you can flag it in your browser as is usually done in phishing campaigns.

Article by Lucas Paus, Welivesecurity.

Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.
The quid pro quo in the IoT age
Consumer consciousness around data privacy, security and stewardship has increased tenfold in recent years, forcing businesses to make customer privacy a business imperative.
ForeScout acquires OT security company SecurityMatters for US$113mil
Recent cyberattacks, such as WannaCry, NotPetya and Triton, demonstrated how vulnerable OT networks can result in significant business disruption and financial loss.
Exclusive: Fileless malware driving uptake of behavioural analytics
Fileless malware often finds its way into organisations via web browsers (or in combination with other vectors such as infected USB drives).