The Research Laboratory of ESET Latin America, a leader in proactive threat detection, identified a hoax distributed by WhatsApp message, which claims that, to mark its anniversary, WhatsApp is giving away 1000 GB of Internet traffic via Wi-Fi.
When you click on the link, you arrive at a page that invites you to answer a series of questions presented as a survey. The questions range from how the user came across the offer to what the user thinks of the application.
After the questionnaire is answered, the site invites the user to share the offer with at least 30 people in order to qualify for the prize. A script was even detected that counts how many times the message with the offer is shared, with the aim of maximizing the spread of the message and, with it, the attempt to scam users.
These kinds of attacks, which rely on social engineering techniques, remain common, mainly because they continue to be very effective: cybercriminals understand that all users like to win something or help someone else. It is therefore still very important that people look into the domain and the offer itself before opening any link they receive. In this specific case it is clear that the domain is not an official domain of the company. Although companies can launch promotions through third parties, users should verify on the company's official site whether the promotion is real and valid.
The goal of this scam is to show advertising throughout the whole process. That is, no evidence was found that additional malicious programs would be installed or that there was any attempt to steal additional information. In this sense, the monetization of this campaign is directly linked to the mass, unauthorized delivery of advertisements.
During the investigation, ESET also found a new site dedicated to swindling hundreds of unsuspecting users through several phishing campaigns. Analysis of the pages indexed under this domain showed at least 66 different “offers”, each imitating a different brand or company, such as Adidas, Nescafé, Sorrel soups and Rolex watches. Although it uses a different domain, the Nescafé campaign is a phishing campaign similar to the one reported a couple of weeks ago that pretended to be from Nespresso, and it seeks to deceive users by offering a free coffee maker.
As you can see in the image, the results include sites that have been indexed for several months and others that appear to have been created recently. While this has already been seen and reported with previous domains, ESET highlights the number of sites indexed in this particular case, which shows how the criminals behind these campaigns seek to increase the number of threats they launch into cyberspace.
“From ESET we strongly recommend having strong security solutions, on both mobile devices and desktops, as the first barrier of protection, because in the analyses made with active protection, access to these pages is filtered by the anti-phishing module of the solutions, avoiding access to them. However, the importance of education as Internet users cannot be left aside, as well as being informed of the threats and techniques that exist and through which campaigns are constantly launched into the network. The more cautious the user, the better informed, and the more you think before you click, the greater the chances of leaving phishing adrift,” said Luis Lubeck, specialist in computer security at ESET Latin America.
The ESET Latin America Lab shares 6 keys to recognizing fake emails used for phishing:
1-Check whether the message really shows that the sender knows something about the user and, first of all, whether it comes from a known contact: service providers do not send messages addressed to “Dear customer” without any personalization. Also avoid falling into the trap of “false personalization” of the message, such as a meaningless reference number that cannot be verified.
2-Distrust attachments and embedded links: a vendor will hardly ever send a message asking you to log in through a link embedded in an email, even if the message is properly personalized. If you receive a message with these features, first verify the link independently with a known source. It is also recommended not to trust unsolicited files or links embedded in the message, even if they come from companies or trusted friends.
3-Take basic precautions: hovering over the link to see the address it points to is key to checking its legitimacy. Also, if you receive a promotion that is too good to be true, look for it on the brand's official networks to verify that it exists.
4-Do not be intimidated by threats: avoid panicking or reacting immediately, without appropriate precautions, to threats that an account will be suspended or deleted. Most companies don’t act that way.
5-Do not get carried away with clicks: do not compulsively accept all the conditions of any software merely because you have a security program installed; there is new code that may not be detected. This is why it is important to identify malicious sites and unsafe files in order to avoid them. Knowing the risks is the best way to avoid being deceived.
6-Pay attention to details: rudimentary phishing messages, with text only and misspellings, which were common a few years ago, are unusual today; the form of attack did not change, but the quality of the social engineering used and its presentation improved. The attack vectors have also moved to other forms of messaging, such as SMS (text messaging), social media such as Facebook and Twitter, and even voicemail.