Author Topic: WhatsApp? Quite a lot.  (Read 731 times)

0 Members and 1 Guest are viewing this topic.

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 13840
WhatsApp? Quite a lot.
« on: Tuesday, 07 November, 2017 @ 17:18:43 »
Quote
Fake vouchers for high street stores including Marks & Spencer, Tesco and Asda are being shared on WhatsApp - and they could leave you skint.

The messages are designed to look like they’ve been sent to you by an actual contact, who urges you to click on a link to claim the voucher.

The texts typically read: “Hello, ASDA is giving away £250 Free Voucher to celebrate 68th anniversary, go here to get it ... Enjoy and thanks me later !."

Clicking on the link - which looks like a real link from the retailer, but is actually bogus - will take you to a fake website.

The site will attempt to get you to hand over personal information, including financial details.

The site will also install cookies onto your phone that can track you, or add browser extensions that can show you unwanted ads.

When it comes to something like this, the classic rule remains true: If something looks too good to be true, then it probably is.
http://www.independent.co.uk/life-style/whatsapp-scam-tesco-asda-vouchers-how-to-spot-avoid-messages-links-crime-a8041096.html


If you use Android, be extra wary:

Quote
WhatsApp app tricked over a million users

Google Play has suffered another failure, as over one million users have been duped into downloading a fake version of WhatsApp made available in the official Android app store.
https://hotforsecurity.bitdefender.com/blog/fake-whatsapp-app-tricked-over-a-million-users-19195.html

Offline TonyKath

  • Global Moderator
  • Forum Deity
  • *****
  • Posts: 1691
Re: WhatsApp? Quite a lot.
« Reply #1 on: Tuesday, 07 November, 2017 @ 19:54:55 »
Quote
Fake vouchers for high street stores including Marks & Spencer, Tesco and Asda are being shared on WhatsApp - and they could leave you skint.

The messages are designed to look like they’ve been sent to you by an actual contact, who urges you to click on a link to claim the voucher.

The texts typically read: “Hello, ASDA is giving away £250 Free Voucher to celebrate 68th anniversary, go here to get it ... Enjoy and thanks me later !."

Clicking on the link - which looks like a real link from the retailer, but is actually bogus - will take you to a fake website.

The site will attempt to get you to hand over personal information, including financial details.

The site will also install cookies onto your phone that can track you, or add browser extensions that can show you unwanted ads.

When it comes to something like this, the classic rule remains true: If something looks too good to be true, then it probably is.
http://www.independent.co.uk/life-style/whatsapp-scam-tesco-asda-vouchers-how-to-spot-avoid-messages-links-crime-a8041096.html


If you use Android, be extra wary:

Quote
WhatsApp app tricked over a million users

Google Play has suffered another failure, as over one million users have been duped into downloading a fake version of WhatsApp made available in the official Android app store.
https://hotforsecurity.bitdefender.com/blog/fake-whatsapp-app-tricked-over-a-million-users-19195.html

Thanks Maik - I got two or three of these yesterday and ignored them as too good to be true.  On the other hand I didn't expect to get spam/malware via WhatsApp.  The Indy article spells out the possible risks but not how the apparently invulnerable WhatsApp system was cracked. 

 :btd:

Tony

Offline TonyD

  • Forum Deity
  • *****
  • Posts: 354
Re: WhatsApp? Quite a lot.
« Reply #2 on: Tuesday, 07 November, 2017 @ 21:20:18 »
WhatsApp has not been cracked. It's encryption capability has not been compromised.

The issue in this case involves recipients being easily duped into reading/clicking on unsolicited content delivered as a WhatsApp message.
Is that WhatsApp responsibility? No more so than Royal Mail delivering unsolicited 0% Credit Card offers I'd suggest.

As for the technically inept who failed to download the real WhatsApp program from the PlayStore.
What's to say? Is that WhatsApp's fault? Some people can't drive cars. Why is there an expectation that anyone can use a computer?

One solution would be for WhatsApp to strip out all hyperlinks from all messages. Sort of defeats it's purpose.

Make people buying phones/tablets/PCs take an IQ test is probably the better bet......


Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 13840
Re: WhatsApp? Quite a lot.
« Reply #3 on: Tuesday, 07 November, 2017 @ 21:45:39 »
Main thing was to make people aware of it, at least that was my way of thinking, probably the Indie's as well. Anyone who's interested in the nuts and bolts can google it.

The supermarket scam was a homographic attack, i.e. mixing alphabets. In this case the scammers used
ḍ / đ instead of a d, according to the BBC.

Something similar in the bogus version of WhatsApp:

Quote
So, how did the scammers – keen to earn advertising revenue by tricking users into downloading their ad-riddled version of the popular messaging service – manage to make it look like their bogus edition really did come from WhatsApp Inc.

For the answer we can blame a single character, a Unicode character that looks just like whitespace.

You see, the developer wasn’t “WhatsApp Inc.” but rather “WhatsApp Inc. ” (with what appears to be a trailing blank space).
https://hotforsecurity.bitdefender.com/blog/fake-whatsapp-app-tricked-over-a-million-users-19195.html


Other than that, it's just a case of people believing a message simply because a friend forwarded it to them. No driving licence required on the information super highway (which is obviously pretty dangerous).
« Last Edit: Tuesday, 07 November, 2017 @ 21:51:38 by Maik »

Offline TonyKath

  • Global Moderator
  • Forum Deity
  • *****
  • Posts: 1691
Re: WhatsApp? Quite a lot.
« Reply #4 on: Wednesday, 08 November, 2017 @ 14:49:56 »
Reading the Beeb story it wasn't a hack of the system it was simply an old fashioned chain letter persuading peeps to send it on.   :oki:

Tony