The scam consists of sending messages that advertise a fake promotional campaign for the supposed opening of a new branch in Liverpool. The real goal, however, is to get victims to download a “disreputable” app. The “hook” is a series of “cash prizes”.
Users who fall into the trap by downloading the rogue app enable permissions to display browser notifications or install a suspicious extension. In addition, by clicking on a link, the victim is directed to a page where they must answer a survey with questions about their personal information and the impersonated brand.
This information is supposedly required to enter a sweepstakes.
In the next phase of the deception, the victim chooses one of several options and, if the choice is correct, supposedly wins a prize of thousands of pesos. According to the tactic discovered by ESET, however, participants will inevitably succeed on one of their attempts. To claim the bogus prize, the app then asks them to share the same hoax with their WhatsApp contacts.
At this point the user should suspect fraud, because the message appears in English instead of Spanish:
“Congratulations! You did it! You won 18000 Peso”, says the fraudulent page.
“Probably due to the attractiveness of the prize, people do not hesitate to spread the message, since as part of the dynamic it is required to ‘share with 5 groups or 20 friends’, as well as enter an email address and complete a registration, where the collection of information from the victim, especially the phone number, continues,” says ESET in a statement.