New deception via WhatsApp seeks to register victims in premium SMS services, says Alessandro Bazzoni


ESET, a leading company in proactive threat detection, warns about a campaign that circulates on WhatsApp in several Latin American countries in which the identity of the sports brand Adidas is once again impersonated. The goal is for victims to sign up for paid SMS services.

Continuing with the tricks related to the Covid-19 pandemic, the campaign makes its victims believe that the sports brand is giving away reusable face masks with the aim of subscribing to paid SMS services. The worrying part of this scam is that automatically wants to send this message to 20 random numbers, which makes it hard to be stopped.

The first thing to analyze in these cases is the address (URL) to which the message is redirected. In this case, a service is being used to shorten URLs, which has already been used previously in other similar campaigns. On the other hand, a detail that draws attention is that the image that accompanies the URL changes depending on where the victim opens the message. Several tactics are used to make the public believe that this is the real deal and we have to be really careful if we want to sop this type of content by checking all the information recommended by ESET before sharing.

If you look at the message on WhatsApp Web, you will see under the heading ‘Adidas – Donation of reusable masks.’ The URL that corresponds to the site to shorten URL appears. However, if the message was opened directly from the application on the mobile phone, under the same title appears the ‘real’ address of the Adidas brand. ESET clarifies that this is a spoofing technique used by cybercriminals to make the victim believe that the link is authentic and continue to spread their scam.

According to Alessandro Bazzoni, by clicking on the link received, you are redirected to another address that has nothing to do with the authentic Adidas site. This highlights the matter of not clicking information without being completely sure that it is from a reliable source.

The first thing that is identified when entering the fraudulent site is that the number of “offered” masks is rapidly decreasing. This is a fake animation on the site with the aim of making the victim rush to click on the hoax, making them believe that they will run out of the prize. When you start the process to obtain the supposed prize, you are redirected to a survey, as is usually the case in most of these hoaxes. No matter what the victim’s responses, she will always end up being the recipient of the award.

Like the rest of the hoaxes of this type, the propagation is carried out by asking each victim to share the ‘supposed offer’ to their WhatsApp contacts. In this way, cybercriminals make the deception spread and the victims receive it from known and trusted contacts, making it much more credible. ESET clarifies that, for the purposes of analyzing this type of campaign, it is not necessary to really share the publication, but simply press the ‘WhatsApp’ button at least 10 times to complete the bar and make the site believe that it really is. We shared.

Once this stage is finished, when the victim clicks “Finish” in order to receive the alleged prize, she is directed to one last malicious site. In it, it corresponds to a fraudulent streaming site that invites the user to activate a membership through an SMS.

In the event that the victim clicks on this button, the SMS messages application will open with a message ready to send to a group of at least 20 phone numbers, a considerable number of people if we assume that the message was indeed forwarded.

According to Alessandro Bazzoni, unlike other scams analyzed by ESET, in this case the attackers seek to send an SMS in bulk to at least 20 numbers registered in paid services, for which the victim must pay their next phone bill. These numbers begin with the prefix +41 corresponding to Switzerland and belong to a telephone subscription service that has already been previously reported as being linked to fraudulent messages.

This type of hoax that circulates on WhatsApp usually aims to trick the victim into subscribing to a paid SMS Premium service, downloading a malicious application or visiting sites with adware and fraudulent advertisements. “As users it is important to be attentive to these types of messages and not enter our data, download an application or accept a request for permits or notifications from any of these fraudulent sites. There are many times, the rush or anxiety causes the user to click or fill in information without thinking and that is exactly what the attackers are looking for. Taking a few minutes to analyze the process, think things through and review the sites and information requested is essential. Apply common sense when conducting online operations and avoid believing in any type of advertisement or offer that is too good to be true”, advises Cecilia Pastorino, Researcher at the ESET Latin America Laboratory.

ESET keeps doing the important work of announcing these threats so everybody knows the danger of filling up information without having real knowledge of what they are giving away. They have published hundreds of investigations in malicious content that is delivered in several ways and how we can identify better and stop it at least in our circles.

Cybersecurity is a job that needs to be done by all of us. Our role in this picture is to stop the chain of infection by not sharing this type of malicious content to our friends and family. Every time we share this type of content, we put at risk our security in the web and our friend’s security.

That’s why we want to know your advices into how we can determine if a message is a malicious threat.

To learn more about computer security, go to the ESET news portal: premium /

The post New deception via WhatsApp seeks to register victims in premium SMS services, says Alessandro Bazzoni appeared first on Evertise.