Originally Posted on 2nd November 2015:
You might receive a msg from any of your friends on WhatsApp which will look similar to any of the following:
Once you click on the link, it opens a website showing a 1 min survey from famous brands like H&M, Starbucks, McDonalds.com, KFC, IKEA, Samsung, Next, SPAR, 7-Eleven, which will result in free voucher of a few 100s. This website is customized to your region thus you will see local cities names and local currency:
The customization of the region can be seen in the weblink, this is based on client side scripting, I changed the interface of the website by just changing the weblink:
If you proceed with the survey it will ask you a few questions and then it will ask you to share this survey with 10 friends on WhatsApp. You will also see some fake comment which will appear as if those are from Facebook:
If you click on Share it will ask you to open your WhatsApp. Once you have shared it, it will ask you to enter your information:
From here they will gather your personal data and then it will be used for either selling it to Spammers or for Customized Fraud where you will receive an email addressed to you (Phishing Hacking). (You can read more about it at:http://naumankhan.blogspot.com/2015/11/to-spot-phish-infographic-phishme.html)
Once you enter your data and click continue, you will see the following screen with promotions and in addition some spam/advertisements/adult websites will open:
Keep reading if you are into more technical details:
sniflr.com:
This website doesn’t show anything. It has been recently created and it is just a URL diverting platform for the Scammers. Previously they have used swaflr.com for the same purpose.
giftcard-promotions.com:
This is the website where the survey is hosted and you land on this website.
sweeply.net:
You will receive the email from this domain. This website is blocked in KSA.
wingalaxys6.com:
This website will take you to a facebook event. The event will ask you to invite your friends to this event:
If you would like to read more about similar Fraud/Scam cases then visit the following link:
-urShadow
Reference: http://www.welivesecurity.com/2015/10/07/whatsapp-scam-extends-multiple-countries-brands/
You might receive a msg from any of your friends on WhatsApp which will look similar to any of the following:
- Look http://sniflr.com/hm-voucher
- Look: http://sniflr.com/starbucks-voucher
- Look: http://sniflr.com/mcdonalds-voucher
- Look: http://sniflr.com/kfc-voucher
- Look http://sniflr.com/next-fashion-vouchers
- Look http://bit.ly/ikea-gift-cards
- Look http://wanklr.com/carrefour-giftcard
- Look http://spenklr.com/carrefour-giftcard
- Look http://swinklr.com/win-samsung-galaxy-s7
Once you click on the link, it opens a website showing a 1 min survey from famous brands like H&M, Starbucks, McDonalds.com, KFC, IKEA, Samsung, Next, SPAR, 7-Eleven, which will result in free voucher of a few 100s. This website is customized to your region thus you will see local cities names and local currency:
The customization of the region can be seen in the weblink, this is based on client side scripting, I changed the interface of the website by just changing the weblink:
If you proceed with the survey it will ask you a few questions and then it will ask you to share this survey with 10 friends on WhatsApp. You will also see some fake comment which will appear as if those are from Facebook:
If you click on Share it will ask you to open your WhatsApp. Once you have shared it, it will ask you to enter your information:
From here they will gather your personal data and then it will be used for either selling it to Spammers or for Customized Fraud where you will receive an email addressed to you (Phishing Hacking). (You can read more about it at:http://naumankhan.blogspot.com/2015/11/to-spot-phish-infographic-phishme.html)
Once you enter your data and click continue, you will see the following screen with promotions and in addition some spam/advertisements/adult websites will open:
Keep reading if you are into more technical details:
sniflr.com:
This website doesn’t show anything. It has been recently created and it is just a URL diverting platform for the Scammers. Previously they have used swaflr.com for the same purpose.
|
|
|
giftcard-promotions.com:
This is the website where the survey is hosted and you land on this website.
|
|
|
|
sweeply.net:
You will receive the email from this domain. This website is blocked in KSA.
|
|
|
wingalaxys6.com:
This website will take you to a facebook event. The event will ask you to invite your friends to this event:
|
|
|
|
If you would like to read more about similar Fraud/Scam cases then visit the following link:
|
-urShadow
Reference: http://www.welivesecurity.com/2015/10/07/whatsapp-scam-extends-multiple-countries-brands/
I opened the link and entered first name, last name and email address. Unfortunately clicked on continue and directed to another page which was saying win iphone or something like that & immediately closed the browser as i thought it was a fake link that sent me from a whatsapp friend. Should i do something? Am i safe? Thanx in advance
ReplyDeleteas they already hav ur info, u have to be careful about Phishing attacks against u, to read more about Phishing u can hav a look at http://naumankhan.blogspot.com/2015/11/to-spot-phish-infographic-phishme.html
Deletei got the whats app link from my sister in law so did not think it bad, I did everything and as I sent out my email address my service providers web site immediately block my email address, I had to phone to have it reinstated, I have now received the confirming email from Sweeply" , is this real or am I in more trouble like loosing my data or air time off my phone???
ReplyDeleteIf you have not installed anything on your phone using any of the links on those sites then u shouldn't lose any data or air time, don't open emails from them, just mark them as spam and be careful about Phishing attacks against u, to read more about Phishing u can hav a look at http://naumankhan.blogspot.com/2015/11/to-spot-phish-infographic-phishme.html
Deletethanks for the information
ReplyDeleteit's good that the links are no more working, means people r safe from atleast these links
ReplyDeleteHi
ReplyDeletei want those landing pages
Please send me landing pages
To my email
The link does not open in my desktop
Please send the landing pages
my email joukersat@gmail.com
The screenshots of landing pages r already mentioned above
ReplyDelete