WhatsApp: How the supermarket voucher scam works
- Published
Scammers have used WhatsApp to trick people into handing over personal information by tempting them with bogus supermarket vouchers.
The messenger app was used to send fake vouchers to people, purporting to be from trusted chains such as Asda, Tesco and Aldi.
The messages claimed to offer hundreds of pounds in savings so long as the user followed a link to an online survey asking for personal details.
The scam is a form of phishing, where fraudsters pose as reputable organisations to gain personal details.
Action Fraud, the UK's national reporting centre for fraud and cyber crime, suggests anyone who has fallen victim to this scam to report it online, external or call 0300 123 2040.
So far, 33 people have come forward to report falling victim to the scam, although it is unclear how many people have received the message.
How does it work?
This message was sent to the WhatsApp number used by the public to contact the BBC
The scam works by using a link which appears almost identical to a supermarket chain's legitimate website, but with one small difference.
For example, in the screenshot above, the d in Aldi is actually a ḍ - a Latin character with a small dot underneath the recognisable letter.
In the tweet below, the d in Asda has been replaced with đ - another character known as a crossed D.
Allow Twitter content?
This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read Twitter’s cookie policy, external and privacy policy, external before accepting. To view this content choose ‘accept and continue’.
People who clicked the links contained in the WhatsApp messages are sent to a survey.
According to Action Fraud, the survey urges victims to hand over their financial information.
If, however, a person tries to visit the homepages for Aldi misspelled with the dotted character it sends them to an error page from a website which is not the supermarket's.
Attempting to visit the fake 'Alḍi' homepage sends the user to an error page for this website
Meanwhile, at time of writing, attempting to access the misspelled Asda site brings up a warning in some browsers.
Why did I get it?
Upon completing the survey, the victim is urged to send the message to 20 other contacts in order to receive a £250 voucher.
Allow Twitter content?
This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read Twitter’s cookie policy, external and privacy policy, external before accepting. To view this content choose ‘accept and continue’.
This helps legitimise the scam, says Action Fraud, as rather than being sent from a random number, the WhatsApp message comes from a trusted contact.
However, it is unclear whether users may have been compromised simply by clicking on the link, as some on social media claimed that the message was shared without their contact's consent.
Allow Twitter content?
This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read Twitter’s cookie policy, external and privacy policy, external before accepting. To view this content choose ‘accept and continue’.
A spokesperson for Action Fraud told the BBC, "from what we can see, you would have to put certain details in to be in trouble, but it would depend on the device as all the scams are different, and some can download malware on your device."
Action Fraud advises people to avoid unsolicited links in messages, even if they appear to come from a trusted contact.
By Tom Gerken, UGC and Social News
- Published6 November 2017
- Published7 November 2017
- Published3 November 2017
