IT Security Guru

Smartphone phishing campaign via WhatsApp offers sport shoes as “prize”

by The Gurus
June 15, 2018
in Editor's News

Since early 2018, some of your WhatsApp contacts may have sent you a very interesting offer for sport shoes: “Adidas is offering 2,500 pairs of shoes to celebrate its 69th anniversary”. The message is followed by a link from which to obtain the promised item. Looking closer at the link in the message, there’s no dot above the short vertical line that should be the letter “i”. This is a homoglyph (often referred to as homograph) attack: the link looks legitimate but is actually spoofed by replacing one character with another that looks the same to the unwary eye.
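A check for the substitution described above can be automated on the receiving side. The following is an added example, not part of the original article or of ESET's tooling: it flags links whose hostname contains non-ASCII look-alike characters yet folds to a watched brand name. The `.example` hostname, the watch list and the small confusables table are assumptions made for illustration.

```python
import re
import unicodedata

# Small illustrative subset of look-alike mappings (assumption); production
# tooling should use the full Unicode confusables data (UTS #39).
CONFUSABLES = {
    "\u0131": "i",  # LATIN SMALL LETTER DOTLESS I
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
}
WATCHED_BRANDS = {"adidas"}  # hypothetical watch list
URL_RE = re.compile(r"https?://([^\s/:?#]+)", re.IGNORECASE)
# Constructed sample message; the .example hostname is a placeholder.
SAMPLE = "Adidas is offering 2,500 pairs of shoes: http://www.ad\u0131das.example/win"

def decode_label(label):
    """Return the Unicode form of a hostname label, decoding xn-- (punycode)."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except (UnicodeError, ValueError):
            return label
    return label

def skeleton(label):
    """Lower-case, strip combining marks, and fold known look-alikes to ASCII."""
    decomposed = unicodedata.normalize("NFKD", label.lower())
    return "".join(CONFUSABLES.get(c, c) for c in decomposed
                   if not unicodedata.combining(c))

def find_homoglyph_links(message):
    """Return (hostname, brand, [odd character names]) for each spoofed-looking link."""
    findings = []
    for host in URL_RE.findall(message):
        for raw in host.split("."):
            label = decode_label(raw)
            odd = [c for c in label if ord(c) > 127]
            brand = skeleton(label)
            if odd and brand in WATCHED_BRANDS:
                names = [unicodedata.name(c, "UNKNOWN") for c in odd]
                findings.append((host, brand, names))
    return findings

if __name__ == "__main__":
    print(find_homoglyph_links(SAMPLE))
```

The same function also catches the ASCII-encoded (`xn--`) form of such a hostname, which is how the link may appear once copied out of the chat app.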

When browsing the website from the spammed WhatsApp message, a few checks are made to ensure that the request is made from a mobile device such as a smartphone. Should the mobile device checks succeed, the website then obtains geolocation data for the visitor’s IP address, and depending on the country the visitor may be redirected. The countries targeted in this round were Norway, Sweden, United States, Netherlands, Belgium, Pakistan, Nigeria, Kenya, Macau and India. But as the cybercriminals expand the attack, Ireland and the UK could be next.

After being redirected, visitors see a four-question survey. Whatever the victims answer, they are rewarded with a message saying that they are “qualified” to get a free pair of shoes. Of course, they are told that they must share this offer with their friends on WhatsApp to get the “prize”. When tapping the WhatsApp share button, the victims see a list of their contacts, from which to choose further recipients of this “offer”. Victims then have a few questions to answer and are also told they have to share the ad on Facebook so they will (supposedly) be able to claim their shoes for $1.

A last form is presented to the victims, asking for their contact details. Completing this purchase subscribes the victim to the “organizejobs” service, which charges the cost of a premium account: $49.99 per month. In the end, victims will pay $1 for a pair of shoes without being able to choose the model or the size, and which the previous experience of others suggests will never be received. On top of that, victims will be charged $50/month 7 days after the payment.

What to do? How to stay safe?

Here are some tips that should help you to recognize this kind of scam:

  • Upon receiving such messages, ask the purported senders if they really sent them, as they could have been sent without their knowledge by malware installed on their phone.
  • Search the internet for the offer. In this case, several websites mentioned the ongoing phishing attack.
  • Use your favourite search engine to get a link to the company website. If the offer is not present on the site, then it’s probably a scam. Mtlblog contacted the shoe company, which confirmed the scam.
  • If at all unsure, do not click any links and delete the message containing them or ignore it until it scrolls off your feed.

If you receive this kind of message, don’t hesitate to report it. You can notify the abused brand and you can report phishing to ESET at http://phishing.eset.com/.

 

Full story with screenshots of the scam (free to use) at ESET Ireland’s official blog.
