A new scam is going viral on Facebook and WhatsApp. It promises to win a 500 euro voucher, but in reality money is deducted from the SIM
A message shared by a friend of ours on Facebook or sent via WhatsApp in which we are warned of the possibility of winning a 500 euro Conad voucher, a discount for an Alitalia flight or get promotions on Carrefour products. This is the latest scam that is going viral on WhatsApp in recent weeks. Raising the alarm is cybersecurity expert Group-IB, which discovered the scam and immediately warned users.
This is a classic case of phishng attack. You grab users’ attention with fake promotions, invite them to click on a link and they land on a page that looks identical to the original site (in this case Conad, Alitalia or Carrefour), but is actually just a fake copy. As soon as you press the button to get the promotion, you activate a subscription service and money is deducted from your SIM account. Logically, the companies involved in this scam are unaware of everything and are themselves victims.
How the fake discount coupon scam works
The modus operandi is identical to those of other scams that have already affected thousands of users in the past. You receive a message on WhatsApp from a friend who invites you to click on a link to get a Conad voucher worth 500 euros, a discount on a plane ticket with Alitalia or the chance to buy promotional products from Carrefour.
Once you have clicked on the link you are redirected to a site that looks exactly like that of one of the three companies, but which is actually just a copy. To get the coupon you must participate in a survey and at the end you have to put “like” to a Facebook page and share the message on the social network and WhatsApp. In this way, the scam becomes viral.
All operations are completed, you have to click on a button to get the promotion. And this is where the scam is triggered. Instead of getting the discount coupon, you activate a subscription service on your smartphone that automatically scales the money from your SIM card.
How to defend yourself from the scam
Group-IB has discovered 114 fake websites used by the crooks to carry out their scams: 28 of them turn out to be still working. Ilya Rozhnov, head of Group-IB brand protection team, made a statement to the newspaper la Repubblica in which he said that the number of users affected by this scam could be very high. And in the coming days it might even increase.
To recognize that it is a phishing attack it takes very little: when you are redirected to the website that seems to be the company’s one, the URL is fake. The domain ends with .win, .top, .money and in the URL we find words like voucher and gift. If you discover such cases, report the site to the appropriate authorities immediately.