In 2013 we shared a series of blog posts about several WhatsApp scams making the rounds redirecting people to pharmaceutical sites and malware.
In recent weeks we have seen that these scams have made a comeback and are evading modern spam filters.
Sample Spam Email:
Using the email above as an example, by pressing the 'Play' button on a Desktop or Mobile browser the user is taken to a site masquerading as an article from the BBC titled:
SPECIAL REPORT: We expose how to lose 23 lbs of Belly Fat in 1 Month With This Diet Cleanse That Celebrities Use
Instead of taking the user directly to the scam site, they try to dupe the would-be victim into thinking that the deal is legitimate by impersonating the above article. All other links lead to the real BBC site, however attempting to leave the page will also launch a pop-up window to the fake shop which can be confused for a legitimate advertisement.
Pop-up window loads when leaving the site:
If the user chooses to learn more about the 'celebrity cleanse' they are then taken to a site where they are prompted to enter personal information including personal email, postal address, and phone number.
Sample screenshot of the landing scam page:Read more:Security Watch: HP and FireEye team up for threat detection
Remember, always buy from a legitimate, trusted site. If something seems too good to be true, it usually is.
Cyber resilience will be particularly important as Australian organisations face increased pressure to quickly detect, respond to, and manage the repercussions of breaches in the wake of 2018’s Notifiable Data Breaches (NDB) scheme.