(Also read: NGL: the new trend that is booming on Instagram)
There are two identified modalities, one has to do with the false anniversary of a brand, it is included in the message that a well-known brand or service is celebrating its anniversary and is therefore offering some kind of gift or benefit.
The message includes a link so that the user can access their prize, but before obtaining it they usually have to complete a survey. Then, to continue, you must share the message with a certain number of WhatsApp contacts or groups. However, the gift or prize never materializes and the user is redirected to sites that display invasive advertising.
(You may be interested: Uber will have shared trips again, but only for a few cities)
The other is with a message of economic aid, the message is similar but the idea is to steal personal data such as name, date of birth, document number, nationality, among others, which in addition to being marketed in forums, are used by criminals to carry out other fraud.
(Also read: How to identify if you are being sold a fake cell phone charger)
-Hi how are you? Greetings to the distance. I send you a big hug.
Then continue with something similar to:
—I imagine you remember who is writing to you from Spain, right?
“Don’t tell me you’re Mireya?”
“Of course I do, how are they out there?”
The objective is to ask you for help, it asks for photos of your document on both sides to carry out the procedure, for example, to receive a package or something similar.
Remember that cybercriminals can also perform identity theft by downloading the contact list, the profile image of the account and other relevant information and they can create a fake profile with another number, but they also communicate directly from the stolen account with family and friends to request money for a supposed emergency or convince them to take some other action.
Even from the compromise of an email account they carry out identity theft scams through WhatsApp.
A few months ago, the case of a user who suffered the compromise of his Outlook account and the attackers downloaded a copy with the email’s contact list, photos and their full name. Then, with this and other information collected, they created WhatsApp accounts and contacted their contact list. impersonating the identity of the victim and offering dollars to sell.
But this process is exploited by attackers who seek to take control of accounts, both users and companies.
(Also read: Study explains why the silent mode of cell phones should be avoided)
The victim receives a text message or via WhatsApp on their phone asking if they can please resend the six-digit code that was sent to their phone by mistake. The message may be from a contact who has lost access to their account or from an unknown number.
If the unsuspecting victim accesses and resends the code that arrived unexpectedly, It is likely that you will lose control of your WhatsApp account if you did not have two-step authentication enabled.
(Also: Bancolombia: false message on behalf of the entity seeks to defraud customers)
Once the malicious app was installed, any message that reached the victim’s device was automatically answered with a personalized message that included a link to download the fake app.