WhatsApp messages masquerading as an offer from Amazon, with links luring unsuspecting users with the promise of Amazon International Women’s Day presents, have been making the rounds on the app. If you receive such a message, stay away from it, as it can be a scam.
The Research Wing of CyberPeace Foundation along with Autobot Infosec Private Limited have conducted a study based on a WhatsApp message that contained a link pretending to be a free gift offer from Amazon which asks users to participate in a short quiz in order to get a chance to win a Women’s Day gift.
Message as received on WhatsApp with the link
Warning Signs:
- The campaign pretends to be an offer from Amazon but is hosted on a third-party domain instead of the official Amazon website, which makes it more suspicious.
- The domain name associated with the campaign was registered very recently.
- Multiple redirections were noticed between the links.
- No reputed site would ask its users to share the campaign on WhatsApp.
- The prize is kept really attractive to lure laymen.
- Grammatical mistakes were noticed.
A congratulations message appears on the landing page with an attractive photo of Amazon products, asking users to participate in a short quiz in order to get a Women’s Day gift. The bottom of the page also appears to be a comment section, with public comments vouching for the truthfulness of the offer.
Look of the first page post opening the link
The quiz starts with some basic questions like “Do you know Amazon? How old are you? What you think about Amazon? Would you recommend us to your friends?” etc. Once the user answers the questions, a “congratulatory message” is displayed.
Fake congratulatory message shown after the questions are answered
On clicking the OK button, users are given three attempts to win the prize. After all the attempts are completed, a message pops up saying that the user has won a “Samsung Galaxy S22 Ultra” mobile phone. It then prompts the user to share the message on WhatsApp.
Strangely enough the user has to keep clicking the WhatsApp button until the progress bar completes. After clicking on the green ‘WhatsApp’ button multiple times it shows a section where an instruction has been given to complete registration in order to get the prize.
After clicking on the green ‘FINISH’ button, it redirects the user to a promotional page of gearbest(.)com.
During background analysis, the Research team found that a connection was being made to a site, settrogens(.)com, which may trigger the injection of other malware or unwanted programs.
Read and download the full report here: www.cyberpeace.org/CyberPeace/Repository/20220303-Research-Report-on-Amazon-International-Womens-Day-2022-Giveaway-scam.pdf
Conclusive Summary:
- The whole research activity was performed in a secured sandbox environment where the WhatsApp application was not installed. If a user opens the link on a device such as a smartphone where the WhatsApp application is installed, the sharing features on the site will open the WhatsApp application on the device to share the link.
- The campaign collects information from the users.
- During the investigation, the Research team noticed that the link redirects the user to a 404 error page if it is opened on a desktop computer. However, if the link is opened on a mobile device, the campaign works fine. This means the cybercriminals have mainly targeted mobile internet users through this campaign.
- Cybercriminals used Cloudflare technologies to mask the real IP addresses of the front-end domain name used in the campaign.
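An added example (not part of the CyberPeace report) showing how an analyst could check recorded fetches of a suspicious link for four of the signs described above: a third-party host, a recently registered domain, multiple redirections, and the desktop-404 / mobile-only behaviour. All hosts, dates, statuses and the 30-day age threshold are constructed assumptions, not values from the report.

```python
from datetime import date
from urllib.parse import urlsplit

def on_domain(url, domains):
    """True if the URL's host is one of `domains` or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(brand_domains, registered_on, today, fetches, max_age_days=30):
    """Return the set of warning signs present in the recorded fetches.

    fetches maps a client profile ("desktop", "mobile") to the ordered
    list of (url, http_status) hops observed for that profile.
    max_age_days is an assumed threshold; the report gives no number.
    """
    signs = set()
    first_url = next(iter(fetches.values()))[0][0]
    # A brand name inside the hostname does not make it the brand's domain.
    if not on_domain(first_url, brand_domains):
        signs.add("third_party_host")
    if (today - registered_on).days <= max_age_days:
        signs.add("recently_registered")
    # Count hops that land on a different host than the previous hop.
    for hops in fetches.values():
        hosts = [urlsplit(u).hostname for u, _ in hops]
        if sum(a != b for a, b in zip(hosts, hosts[1:])) >= 2:
            signs.add("multiple_redirections")
    # Same link, different outcome per device class.
    final = {profile: hops[-1][1] for profile, hops in fetches.items()}
    if final.get("desktop") == 404 and final.get("mobile") == 200:
        signs.add("mobile_only_cloaking")
    return signs

# Constructed sample data: every host, date and status below is invented.
SAMPLE = {
    "desktop": [("http://amazon.com.gift.example/womensday", 404)],
    "mobile": [
        ("http://amazon.com.gift.example/womensday", 302),
        ("http://hop1.example/r", 302),
        ("http://landing.example/quiz", 200),
    ],
}

def demo():
    return triage(("amazon.com",), date(2022, 2, 20), date(2022, 3, 3), SAMPLE)

if __name__ == "__main__":
    print(sorted(demo()))
```

Comparing the same link under a desktop and a mobile profile matters because a desktop-only check would have recorded just the 404 and missed the campaign.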
CyberPeace Advisory:
- CyberPeace Foundation and Autobot Infosec Private Limited recommend that people avoid opening such messages sent via social platforms.
- Falling for this trap could lead to whole-system compromise, such as access to the microphone, camera, text messages, contacts, pictures, videos, banking applications, etc., as well as financial loss for the users.
- Do not share confidential details like login credentials or banking information in response to this type of scam.
- Never share or forward fake messages containing links to any social platform without proper verification.
- There is a need for International Cyber Cooperation between countries to bust the criminal gangs running the fraud campaigns affecting individuals and organizations, to make cyberspace resilient and peaceful.