The Easter egg on WhatsApp turned out to be a scam

Holidays, holidays and holidays are often occasions that cybercriminals take advantage of to orchestrate different scams.

They use some excuse linked to a special date and if potential victims are unprepared, they manage to convince them to download some malicious app or enter sensitive data on sites that pretend to be genuine but aren't.

In this case, a scam was identified by WhatsApp, mainly, although it is also found on Instagram and Facebook, which offers to participate in a contest to win an Easter egg, which includes a link that takes the user to a fake page to steal information.

The sites promise to access free Easter egg or a gif card. In all cases, users are asked to answer a survey and the message states that the contact who sent the message on WhatsApp has already received its prize, in order to give it credibility, according to cybersecurity consultancy BTR Consulting.

The scam is not new, it has been circulating for about 5 years but on this date it was not only reactivated but optimized to appear more credible.

Criminals seek to confuse users with real marketing campaigns by chocolate companies, which use digital media, to run campaigns known as Worldwide Hide (World Treasure Hunt), which encourages users to hide a virtual Easter egg anywhere in the world and send a clue someone who can search for the egg on the virtual world map.

The links seem to have started circulating last week in several countries around the world, in English and Spanish, using the most recognized brands that sell chocolate and easter eggs.

When users open the link, they are presented with a short list of questions to answer, and then ask for data entry. Thus, they enter a fake website that requests personal information and in some cases the message is automatically shared with the contact list of the potential victim in order to viralize the deception.

“This is clearly a a href="https://www.infobae.com/tag/phishing/" rel="noopener noreferrer" target="_blank"bphishing attempt, a technique that seeks to keep personal data, users and passwords from various accounts, as well as banking or financial information. Users should avoid interacting with the message in any way and should not enter any data or share the message any more. In some cases, the scam includes fake Facebook and Instagram pages, impersonating the brands that make chocolate, which encourages participants to register on a website and follow the steps to 'verify' their prize,” they explain from BTR Consulting.

Care should always be taken to be wary of promotions or product offers that add a link where the user is asked to enter confidential information and also share the alleged benefit with others.

The type of scam is very similar to the one that went viral during the month of February by the Amazon International Women's Day 2022 Sweepstakes.

What to consider, as recommended by security specialists:

- Never give out personal data, username and password, bank account number or credit card number in any link accessed by messages, mail, etc. You should be suspicious even when you arrive from acquaintances and friends because they may simply be replicating, without knowing, a deception that you also were victims.

- Check on the web if there are any complaints or victims

- Do not trust messages that arrive via WhatsApp that offer prizes and/or gifts

- Look at the URL of the website, check if it is an official site or if it is a cloned site.

KEEP READING: