WhatsApp users in the UK are being warned to delete scam messages masquerading as voucher deals that could be worth up to £100.
The scam comes in the form of a WhatsApp message from one of the victim’s contacts that encourages them to click on a link in order to receive a £100 worth of vouchers for the supermarket.
What is most worrying about the latest scam to target WhatsApp, which is regarded as one of the most secure messaging apps, is that the messages appear to have been sent by someone the receiver trusts, such as a friend or family member, when it is in fact fake.
The message reads: “Hey have you heard about this? Sainsbury’s is giving away £100 gift cards,” with a link to a site that appears to be an official Sainsbury’s one, but is in fact a scam.
Tidd gagging for that £100 Sainsbury’s gift card pic.twitter.com/swyHZmnDzv
— Lois (@loisadean) October 24, 2016
BEWARE!! A scam! £100 gift card from Sainsbury’s answer questions, send 10 messages to What’s App contacts. It’s NOT A Sainsbury’s promotion
— Grumpy Ole Man (@DelboyMk3) October 22, 2016
@sainsburys just received a whatsapp message from friends to a dodgy looking URL branded as you. I think its fake who do I forward it on to?
— Fung Lam (@Fungiam) October 23, 2016
Once the unsuspecting victim clicks on the malicious link, the scammers could then collect personal information from their device, install tracking cookies on their phone or add a browser extension that can be used to serve more adverts to them, according to security researchers. They could also install malicious software onto the unsuspecting user’s device.
“Before you click on that link, stop and think for a moment,” said Lee Munson, a security researcher from Comparitech. “While it is unlikely that you will win any competition you enter in the first place, such messages are often far darker than they first appear.
“They are almost never affiliated with the company in the tagline… and you have no idea which website the link will be taking you to.”
A spokesman for Sainsbury’s said: “We are aware of the issue and are advising customers to delete the message.”
How to protect yourself
Munson advises WhatsApp users that the best way to protect themselves from such scams is to install security software on their devices.
He also had some broader advice: “Employ some good judgement and never click on links to these types of sites, especially if asked to do so by someone who just sent you an unsolicited message.”
WhatsApp users that are suspicious of messages they receive from their contacts such as these are advised to reply and ask a question before clicking the link. It may be that the sender’s phone has automatically sent the spam message to all of their contacts without them knowing.
WhatsApp is also plagued by spam, hoax and phishing messages, in the same way that SMS and email are. Messages to pay particular attention to include those in which the sender claims to be associated with WhatsApp, if the sender asks you to forward the message, and if it offers you a reward.
If you receive a suspicious message WhatsApp recommends you report it to the company, “block the sender, disregard the message and delete it”.
Another way to protect yourself is to avoid downloading third party apps not created by WhatsApp, including those that let you spy on your friends.