WhatsApp being highly popular amongst smartphone users today is highly prone to hoax messages and cyber criminals. While a lot of important messages get shared across the platform, cybercriminals take a huge advantage of most people out there who are not aware of the pros and cons of messages with urls being shared WhatsApp. For the last few years, since WhatsApp opened up the option to share a single message across to multiple contacts, cybercriminals have managed to make a quick buck by using tempting messages to lure people into sharing them across more people. And with messages being sent by known people, the recipient tends to believe and click on such messages.
In the past we have seen how cybercriminals would share hoax information about a new feature (like WhatsApp’s voice calling and video calling being enabled), many such hoax messages were used to lure recipients into clicking on the urls in the messages that leads them to advertisements. Each click helps the cyber crook to benefit and the recipient gets nothing but just wastes his data and time, and in the contrary, he also unknowingly shares these hoax messages across to his friends. Thus the chain of hoax messages spreads like wildfire and the cyber crook makes ample amount of dough.
Yesterday, we received a message from a friend which stated ‘OMG! Have you seen this?’ The message did not describe anything about the content, but simply had a link that was stating some ‘BigBillionDay13’ offer. Since the friend was a close one, (and we know that such messages are usually hoaxes, we still went ahead to click on the url to find out more. It turned out as we expected — a hoax message with a freebie offer.
On clicking the url, it took us to a ‘dummy’ website that claimed Amazon to have a ‘BigBillionDay’ offer with a ‘one-time’ spin the ‘Lucky Wheel’ chance to win some exclusive prizes. The page then shows a prize wheel that needs to be spun with a few comments below it claiming that they won some really great and unbelievable prizes.
On spinning the ‘wheel’, it rotates and stops at ‘free spin’ where the website excites you that you have one more spin for free. On doing so, the wheel spins again and stops at a Lenovo Vibe K4 16GB smartphone. To excite the user, the message continues stating that in order to claim the prize, you need to follow a few instructions ahead. This includes sharing your happiness about the ‘so-called prize’ with five friends. Only after sharing it with five friends will the message go away and you will see another page ahead. This page now claims that your prize is reserved for you and you will get it only after you complete one last step. This step forces you to download and install a free game ‘Castle Clash’ from the Google Play Store. ‘You need to install and use the game for at least 30 seconds in order to unlock the content ahead’ states the next message. On downloading the game, nothing happens and you don’t have any more claimed ‘prize’.
Well, though it does sound easy, you should know that you have actually clicked on links that have ads and you have made the crook richer by a few more dollars. Additionally, you now have also sent the same message to five more friends, who will then send it to more five and the chain goes on. This way, no one gets any prize, but they actually click on ads and make the cyber crook richer buy the hour.
Do note, though such hoax messages are become common and you only end up clicking on a few ads. However, the ads or pages you see could be having some embedded, invisible scripts that run automatically in the background. These scripts can harm your operating system by automatically creating backdoors into your smartphone and leak out sensitive information such as your contacts, messages, emails, photos, bank account details and much more. And it could also get worse—if you have a rooted smartphone, the scripts could hijack your operating system and the hacker could take control of your smartphone for good.
In such cases, we advise all WhatsApp users not to open any such messages, even if they are passed on by known people. If you think the message could be genuine, we suggest that you inquire back with the user about the message and the url inside it and then go ahead to open it. Alternatively, we also advise you to install an antivirus app to stay safe....