Beware of Winning Voucher Link Received on WhatsApp, its Fake/Fraud/Scam (Updated)

Originally Posted on 2nd November 2015:

You might receive a msg from any of your friends on WhatsApp which will look similar to any of the following:

• Look http://sniflr.com/hm-voucher
• Look: http://sniflr.com/starbucks-voucher
• Look: http://sniflr.com/mcdonalds-voucher
• Look: http://sniflr.com/kfc-voucher
• Look http://sniflr.com/next-fashion-vouchers
• Look http://bit.ly/ikea-gift-cards
• Look http://wanklr.com/carrefour-giftcard 
• Look http://spenklr.com/carrefour-giftcard
• Look http://swinklr.com/win-samsung-galaxy-s7

If you receive such msg, delete it and don’t open it!

Once you click on the link, it opens a website showing a 1 min survey from famous brands like H&M, Starbucks, McDonalds.com, KFC, IKEA, Samsung, Next, SPAR, 7-Eleven, which will result in free voucher of a few 100s. This website is customized to your region thus you will see local cities names and local currency:

 

The customization of the region can be seen in the weblink, this is based on client side scripting, I changed the interface of the website by just changing the weblink:



If you proceed with the survey it will ask you a few questions and then it will ask you to share this survey with 10 friends on WhatsApp. You will also see some fake comment which will appear as if those are from Facebook:



If you click on Share it will ask you to open your WhatsApp. Once you have shared it, it will ask you to enter your information:



From here they will gather your personal data and then it will be used for either selling it to Spammers or for Customized Fraud where you will receive an email addressed to you (Phishing Hacking). (You can read more about it at:http://naumankhan.blogspot.com/2015/11/to-spot-phish-infographic-phishme.html)

Once you enter your data and click continue, you will see the following screen with promotions and in addition some spam/advertisements/adult websites will open:



Keep reading if you are into more technical details:

sniflr.com:
This website doesn’t show anything. It has been recently created and it is just a URL diverting platform for the Scammers. Previously they have used swaflr.com for the same purpose.

Sniflr.com - Detailed Analysis sniflr.com is 2 months old and is hosted on IP 104.27.132.78.Find more relevant facts and information about sniflr.com. http://stacksiteweb.com/domain/sniflr.com View Now

http://www.scamadviser.com Want to know more about a website before entering your credit card details on it ? Then check how safe it is at http://www.scamadviser.com http://www.scamadviser.com/is-sniflr.com-a-fake-sit… View Now

Un virus amenaza a todos en Whatsapp | Actual Mundo http://actualmundo.com/un-virus-amenaza-a-todos-en-… View Now

giftcard-promotions.com:
This is the website where the survey is hosted and you land on this website.

mcdonalds.Giftcard-Promotions.com - Giftcard-Promotions | Website Giftcard-Promotions Whois and IP information and related websites for mcdonalds.Giftcard-Promotions.com. WHOISGUARD, INC., P.O. BOX 0823-03411, PANAMA, PA 00000 http://mcdonalds.giftcard-promotions.com.ipaddress.… View Now

Is shengsiong.giftcard-promotions.com safe or a scam? Find out now! Find out if shengsiong.giftcard-promotions.com is safe website to browse or to online shopping. It could be unsecure: Malware, phishing, fraud and spam reports http://www.scamner.com/check/shengsiong.giftcard-pr… View Now

http://www.scamadviser.com Want to know more about a website before entering your credit card details on it ? Then check how safe it is at http://www.scamadviser.com http://www.scamadviser.com/is-starbucks-voucher.gif… View Now

giftcard-promotions.com domain information http://www.virustotal.com/en/domain/giftcard-promot… View Now

sweeply.net:
You will receive the email from this domain. This website is blocked in KSA.

http://www.scamadviser.com Want to know more about a website before entering your credit card details on it ? Then check how safe it is at http://www.scamadviser.com http://www.scamadviser.com/is-sweeply.net-safe.html View Now

Sweeply.net Reputation Review Check whether Sweeply.net is a scam or legitimate business with its trust rating, safe browsing status as well as https certificate and real users's reviews. http://scamanalyze.com/check/sweeply.net.html View Now

sweeply.net - Whois Data Whois data for sweeply.net: whois history, name servers, domain info, seo advice and much more. http://www.whoismind.com/whois/sweeply.net.html View Now

wingalaxys6.com:
This website will take you to a facebook event. The event will ask you to invite your friends to this event:

Invite Just 15 Friends & Get a Chance To Win Samsung Galaxy S6 | Facebook http://www.facebook.com/events/1573523039548175/ View Now

Win Galaxy S6 Free Win Galaxy S6 Free. 194 likes · 11 talking about this. 100 SAMSUNG GALAXY S6 PHONES FREE GIVEAWAY! http://www.facebook.com/galaxys6giveaway/ View Now

Wingalaxys6.com - Detailed Analysis wingalaxys6.com is 2 months old and is located in United Kingdom. It is hosted on IP 128.199.243.149.Find more relevant facts and information about wingalaxys6.com. http://stacksiteweb.com/domain/wingalaxys6.com View Now

wingalaxys6.com - Website and Domain information data - WSData.com wingalaxys6.com - domain information. United Kingdom, H9, London. http://wsdata.co/2015-08-27/wingalaxys6.com-domain-… View Now

If you would like to read more about similar Fraud/Scam cases then visit the following link:

urShadow's Blog: Beware of these Frauds/Scams !!! http://naumankhan.blogspot.com/2015/07/beware-of-th… View Now

-urShadow

Reference: http://www.welivesecurity.com/2015/10/07/whatsapp-scam-extends-multiple-countries-brands/