Getting text messages from random numbers is disturbing. But spam messages aren’t just annoying; they can also be a dangerous vehicle for malware. And these days, pretty much every medium we use to communicate is vulnerable to spam messages, emails, social media messaging apps, and yes, even WhatsApp.
With two billion active users, it is perhaps no surprise that WhatsApp spam is a common issue. The ability to send functional external links on WhatsApp is reportedly being exploited by scammers, especially during any festive season, on special days, or on sales when users are more active on the platform.
Scammers are developing new ways and techniques to dupe citizens. They are creating fake messages with attractive offers or services to lure users, and due to gifts and heavy discounts, these messages get spread far and wide.
Recently, a new WhatsApp scam on “Amazon 2022 Mother’s Day Contest”Is doing the rounds promising rewards to the users if they click on the given link. You might feel a captivating itch to click on the link, but do not! It’s a scam !!
Fig1. Fake WhatsApp message
So, what is this new WhatsApp scam message, and how does the campaign work?
Based on the investigations by Quick Heal Security Lab researchers, several similar links listed below were used in this scam to spread this malicious campaign –
- h ** ps[:]// wp20[.]ru / c388479855 /
- h ** ps[:]// wp20[.]ru / c266451525 /
- h ** ps[:]// wp20[.]ru / c310535342 /
- h ** ps[:]// wp20[.]ru / c325815112 /
- h ** ps[:]// wp20[.]ru / c192352998
Below are the screenshots of the step-by-step procedure users must follow to get the promised reward.
1. The link leads to a Fake Amazon page –
Fig2. Fake Amazon Website
2. Here it asks users to allow notifications from this site. The permission acquired now can be used maliciously in the future.
Fig3.Website Asking to allow show notification
3. Next, it asks the user to share it further with more people to claim the reward.
Fig4.Website asking users to share this link
After forwarding the message to friends, the site redirects to different sites each time. Some of these further redirect to Google Play applications and other sites redirect the user to similar fake sites.
The objective of this campaign is: –
- To promote their Apps & increasing the download counts
- Potentially drop malicious Android application (APK) files in future
- Generate advertising revenue
How to stay safe from such WhatsApp scams?
If you are a Quick Heal antivirus user, you need not worry! Our advanced features keep you safe by blocking these malicious websites
Fig5. Malicious Website Blocked by Quickheal
But, if you are still wondering how to block texts, you can take several quick and easy steps to stop getting messages from a specific number and reduce your overall vulnerability to spammers and the online scams they perpetuate.
- Do not respond! It is suggested not to click on any such suspicious links and do not believe in any such WhatsApp messages that claim to offer free rewards or gifts.
- The distinction is important! With all the festivities, sales and heavy discounts, and special days like Mother’s Day around us, it is common to get frequent forwarded messages. But always double-check the scheme from the official websites of the products or services and validate them before clicking on any link.
- A huge part of WhatsApp spam is making you open a link in the message. Never act or click on any suspicious links – it’s only going to try and illicit your details, banking details, login credentials, or any other form of data that has value. Always verify the source and authenticity of such messages.
- If you receive such messages from a friend, advise them not to act (click on a link or reply) and not to share with their contacts. If you have received such a message from an unknown number, consider blocking it.
- Most importantly, do not forward such messages to your friends or peers. By doing so, you are only helping criminals succeed in their nefarious purpose of robbing people.
- Spam often uses the same generic tactics to try and dupe you. Look for any spelling mistakes or frequent forward message signs to stay aware.
- Always an authentic Antivirus solution like Quick Heal that allows you to block dangerous websites and harmful links in real-time to keep your identity safe no matter where you go or which device you are using.
Attackers are using different tricks to spread malicious content to make people fall prey to social media scams. They can harm users’ devices by downloading and installing harmful or potentially dangerous applications and stealing data. Stay safe by ignoring any unsolicited messages on social media.