Scammers have used WhatsApp to trick people into handing over personal information by tempting them with bogus supermarket vouchers.
The messenger app was used to send fake vouchers to people, purporting to be from trusted chains such as Asda, Tesco and Aldi.
The messages claimed to offer hundreds of pounds in savings so long as the user followed a link to an online survey asking for personal details.
The scam is a form of phishing, where fraudsters pose as reputable organisations to gain personal details.
Action Fraud, the UK’s national reporting centre for fraud and cyber crime, suggests anyone who has fallen victim to this scam to report it online or call 0300 123 2040.
So far, 33 people have come forward to report falling victim to the scam, although it is unclear how many people have received the message.
How does it work?
The scam works by using a link which appears almost identical to a supermarket chain’s legitimate website, but with one small difference.
For example, in the screenshot above, the d in Aldi is actually a ḍ – a Latin character with a small dot underneath the recognisable letter.
In the tweet below, the d in Asda has been replaced with đ – another character known as a crossed D.
People who clicked the links contained in the WhatsApp messages are sent to a survey.
According to Action Fraud, the survey urges victims to hand over their financial information.
If, however, a person tries to visit the homepages for Aldi misspelled with the dotted character it sends them to an error page for a different website entirely.
Attempting to visit the fake ‘Alḍi’ homepage sends the user to an error page for this website
Meanwhile, at time of writing, attempting to access the misspelled Asda site brings up a warning in some browsers.
Why did I get it?
Upon completing the survey, the victim is urged to send the message to 20 other contacts in order to receive a £250 voucher.
This helps legitimise the scam, says Action Fraud, as rather than being sent from a random number, the WhatsApp message comes from a trusted contact.
However, it is unclear whether users may have been compromised simply by clicking on the link, as some on social media claimed that the message was shared without their contact’s consent.
A spokesperson for Action Fraud told the BBC, “from what we can see, you would have to put certain details in to be in trouble, but it would depend on the device as all the scams are different, and some can download malware on your device.”
Action Fraud advises people to avoid unsolicited links in messages, even if they appear to come from a trusted contact.