It might just be one of the best times in history to be a hacker or cybercriminal. As we’ve seen across the internet, platform owners aren’t taking data security as seriously as they could be. At the same time, a staggering amount of folks on the web aren’t totally familiar with how to identify phishing schemes — making them highly vulnerable to this persistent type of attack.
Worst of all, phishing schemes aren’t limiting themselves to the realm of emails anymore. It’s not uncommon to encounter spoofed links on places like Facebook and Twitter, platforms like LinkedIn, and even on mobile apps like Instagram and Snapchat.
Now, WhatsApp — one of the most popular apps in the world –is at the center of a spam link epidemic. These links promise a huge amount of free internet data, only to bombard users with pop-up ads and sketchy code when they click on them. This is what you need to know about WhatsApp’s spam infestation — and what it might mean for your device if you happened to click!
What’s up with WhatsApp?
According to new reports from WeLiveSecurity, security researchers discovered a sweeping spam campaign affecting users in Latin America that has since spread to WhatsApp accounts around the world.
In its current form, WhatsApp users receive a message that pretends to be from the company itself — offering “1000 GB” of “Free Internet without Wi-Fi” to celebrate the 10th anniversary of WhatsApp.
The campaign functions much like a phishing scheme, only instead of stealing credentials, the link redirects users to a landing page filled with bots that click hosted advertisements without the user’s permission. This process fraudulently generates ad revenue for the scammers in charge.
With this mechanism of action, you can easily see why this scheme could make a large sum of money without too much trouble.
Now, imagine there are millions of people clicking on phony links that generate ad revenue. The numbers start to add up very quickly, so it’s important that the scammers get as many people to click the links as possible before the operation gets shut down.
As of now, it’s unknown just how many people clicked on these faulty links.
How can I protect myself from this scam operation?
Fortunately, researchers have determined that clicking the link doesn’t seem to put you at risk for identity theft or fraud (excluding the ad revenue fraud on the part of the scammers). At least not yet.
They do stress, however, that this kind of link (or a similar one) could easily be employed to that end if a scammer chose to pursue it. That’s why learning the red flags to spot for phishing links is such an important part of cybersecurity training.
To spot fraudulent links for yourself, one of the first things you can do is check the domain in the link (without clicking it, of course). Just hover over the link with your mouse to see where it would take you.
The first thing you’ll notice is that the link is likely shortened using a URL shortener. Even if it isn’t, it’s likely that the link won’t even be an official WhatsApp domain — which, by the way, should always end in “whatsapp.com.”
Another thing to consider: WhatsApp cannot even provide what the hackers claim they’re offering. 1000GB of free internet is something that would need to be negotiated with mobile carriers — like what Verizon did with Apple Music, for example. An unrelated company can’t just offer this on their own!
The bottom line: know the signs when it comes to phishing and link spam. Although hackers will sometimes go above and beyond to make their scams look realistic, the responsibility of avoiding their efforts falls into the hands of every internet user.
As it stands, hackers and cybercriminals aren’t going away any time soon. What can change, however, is how easily we fall for obvious ploys.
Stay smart, stay safe, and for heaven’s sake, don’t click on strange links — especially if they’re sent by people you don’t know! Nothing, not even “1000 GB of free internet,” is worth the risk!