Saturday, July 9, 2016

Beware of Winning Voucher Link Received on WhatsApp, its Fake/Fraud/Scam (Updated)

Originally Posted on 2nd November 2015:

You might receive a msg from any of your friends on WhatsApp which will look similar to any of the following:
If you receive such msg, delete it and don’t open it!

Once you click on the link, it opens a website showing a 1 min survey from famous brands like H&MStarbucksMcDonalds.comKFCIKEASamsungNextSPAR7-Eleven, which will result in free voucher of a few 100s. This website is customized to your region thus you will see local cities names and local currency:

image imageimageimageimageimageimage

The customization of the region can be seen in the weblink, this is based on client side scripting, I changed the interface of the website by just changing the weblink:

image

If you proceed with the survey it will ask you a few questions and then it will ask you to share this survey with 10 friends on WhatsApp. You will also see some fake comment which will appear as if those are from Facebook:

imageimageimageimageimage

If you click on Share it will ask you to open your WhatsApp. Once you have shared it, it will ask you to enter your information:

image

From here they will gather your personal data and then it will be used for either selling it to Spammers or for Customized Fraud where you will receive an email addressed to you (Phishing Hacking). (You can read more about it at:http://naumankhan.blogspot.com/2015/11/to-spot-phish-infographic-phishme.html)

Once you enter your data and click continue, you will see the following screen with promotions and in addition some spam/advertisements/adult websites will open:

image

Keep reading if you are into more technical details:

sniflr.com:
This website doesn’t show anything. It has been recently created and it is just a URL diverting platform for the Scammers. Previously they have used swaflr.com for the same purpose.

Sniflr.com - Detailed Analysis
sniflr.com is 2 months old and is hosted on IP 104.27.132.78.Find more relevant facts and information about sniflr.com.
Clip Better http://stacksiteweb.com/domain/sniflr.com
View Now

http://www.scamadviser.com
Want to know more about a website before entering your credit card details on it ? Then check how safe it is at http://www.scamadviser.com
Clip Better http://www.scamadviser.com/is-sniflr.com-a-fake-sit…
View Now

Un virus amenaza a todos en Whatsapp | Actual Mundo
Clip Better http://actualmundo.com/un-virus-amenaza-a-todos-en-…
View Now


giftcard-promotions.com:
This is the website where the survey is hosted and you land on this website.

mcdonalds.Giftcard-Promotions.com - Giftcard-Promotions | Website
Giftcard-Promotions Whois and IP information and related websites for mcdonalds.Giftcard-Promotions.com. WHOISGUARD, INC., P.O. BOX 0823-03411, PANAMA, PA 00000
Clip Better http://mcdonalds.giftcard-promotions.com.ipaddress.…
View Now

Is shengsiong.giftcard-promotions.com safe or a scam? Find out now!
Find out if shengsiong.giftcard-promotions.com is safe website to browse or to online shopping. It could be unsecure: Malware, phishing, fraud and spam reports
Clip Better http://www.scamner.com/check/shengsiong.giftcard-pr…
View Now

http://www.scamadviser.com
Want to know more about a website before entering your credit card details on it ? Then check how safe it is at http://www.scamadviser.com
Clip Better http://www.scamadviser.com/is-starbucks-voucher.gif…
View Now

giftcard-promotions.com domain information

Clip Better http://www.virustotal.com/en/domain/giftcard-promot…
View Now



sweeply.net:
You will receive the email from this domain. This website is blocked in KSA.
image

http://www.scamadviser.com
Want to know more about a website before entering your credit card details on it ? Then check how safe it is at http://www.scamadviser.com
Clip Better http://www.scamadviser.com/is-sweeply.net-safe.html
View Now

Sweeply.net Reputation Review
Check whether Sweeply.net is a scam or legitimate business with its trust rating, safe browsing status as well as https certificate and real users's reviews.
Clip Better http://scamanalyze.com/check/sweeply.net.html
View Now

sweeply.net - Whois Data
Whois data for sweeply.net: whois history, name servers, domain info, seo advice and much more.
Clip Better http://www.whoismind.com/whois/sweeply.net.html
View Now



wingalaxys6.com:
This website will take you to a facebook event. The event will ask you to invite your friends to this event:

Invite Just 15 Friends & Get a Chance To Win Samsung Galaxy S6 | Facebook
Clip Better http://www.facebook.com/events/1573523039548175/
View Now


Win Galaxy S6 Free
Win Galaxy S6 Free. 194 likes · 11 talking about this. 100 SAMSUNG GALAXY S6 PHONES FREE GIVEAWAY!
Clip Better http://www.facebook.com/galaxys6giveaway/
View Now

Wingalaxys6.com - Detailed Analysis
wingalaxys6.com is 2 months old and is located in United Kingdom. It is hosted on IP 128.199.243.149.Find more relevant facts and information about wingalaxys6.com.
Clip Better http://stacksiteweb.com/domain/wingalaxys6.com
View Now

wingalaxys6.com - Website and Domain information data - WSData.com
wingalaxys6.com - domain information. United Kingdom, H9, London.
Clip Better http://wsdata.co/2015-08-27/wingalaxys6.com-domain-…
View Now

If you would like to read more about similar Fraud/Scam cases then visit the following link:

urShadow's Blog: Beware of these Frauds/Scams !!!
Clip Better http://naumankhan.blogspot.com/2015/07/beware-of-th…
View Now

-urShadow

Reference: http://www.welivesecurity.com/2015/10/07/whatsapp-scam-extends-multiple-countries-brands/

8 comments:

  1. I opened the link and entered first name, last name and email address. Unfortunately clicked on continue and directed to another page which was saying win iphone or something like that & immediately closed the browser as i thought it was a fake link that sent me from a whatsapp friend. Should i do something? Am i safe? Thanx in advance

    ReplyDelete
    Replies
    1. as they already hav ur info, u have to be careful about Phishing attacks against u, to read more about Phishing u can hav a look at http://naumankhan.blogspot.com/2015/11/to-spot-phish-infographic-phishme.html

      Delete
  2. i got the whats app link from my sister in law so did not think it bad, I did everything and as I sent out my email address my service providers web site immediately block my email address, I had to phone to have it reinstated, I have now received the confirming email from Sweeply" , is this real or am I in more trouble like loosing my data or air time off my phone???

    ReplyDelete
    Replies
    1. If you have not installed anything on your phone using any of the links on those sites then u shouldn't lose any data or air time, don't open emails from them, just mark them as spam and be careful about Phishing attacks against u, to read more about Phishing u can hav a look at http://naumankhan.blogspot.com/2015/11/to-spot-phish-infographic-phishme.html

      Delete
  3. thanks for the information

    ReplyDelete
  4. it's good that the links are no more working, means people r safe from atleast these links

    ReplyDelete
  5. Hi
    i want those landing pages
    Please send me landing pages
    To my email
    The link does not open in my desktop
    Please send the landing pages
    my email joukersat@gmail.com

    ReplyDelete
  6. The screenshots of landing pages r already mentioned above

    ReplyDelete

Related Posts Plugin for WordPress, Blogger...