CyberPeace Foundation, along with Autobot Infosec Private Ltd, has launched an investigative report on WhatsApp messages masquerading as offers from Amazon, Adidas, and Tata.
These messages, which have been making the rounds on the app, come with links luring unsuspecting users with the promise of Women’s Day presents. The investigation was carried out to determine whether the campaign was legitimate or fraudulent.
The investigative report stated that the campaign pretended to be an offer from Amazon or Adidas but hosted on the third-party domain instead of the official Amazon or Adidas website, which makes it more suspicious.
The domain names associated with the campaign have been registered in very recent times. Multiple redirections have been noticed between the links.
The report further mentioned that no reputed site would ask its users to share the campaign on WhatsApp. The prizes are kept really attractive to lure the layman. . Furthermore, grammatical mistakes have also been noticed.
CERT-In warns users of multiple vulnerabilities in WhatsApp, WhatsApp Business for iOS
The report suggested that all the websites have different content but follow the same mechanism and procedure to attract users. The campaign collected browser and system information as well as cookie data from the victim’s device.
Caution for users
CyberPeace also released an advisory for people. It recommended that people should avoid opening such messages sent via social platforms. One must always think before clicking on such links or downloading any attachments from unauthorised sources.
Scammers target users posing as members of WhatsApp’s technical team: Report
Falling for this trap could lead to whole system compromisation (access to the microphone, camera, text messages, contacts, pictures, videos, banking applications, etc.) as well as financial loss for the users. One must always think before clicking on such links or downloading any attachments from unauthorised sources.
The Foundation also asked to not share confidential details like login credentials, banking information with such a type of scam.
“Never share or forward fake messages containing links with any social platform without proper verification,” it said in the report.