A scam campaign is promising free Volkswagen car giveaways to trick social media users into visiting third-party ad servers, according to researchers at Sucuri.
The scammers sent messages on WhatsApp and Facebook telling users to enter a contest for a chance to win one of twenty free Volkswagens. The link in the message takes the victim to a spoofed Volkswagen website, which then sends them to an advertising network. It also asks victims to share the link with twenty of their friends on Facebook Messenger or WhatsApp.
The researchers concluded that the campaign was designed solely to generate income from a number of advertising networks, rather than tricking the victim into handing over personal information. Peter Gramantik, a malware researcher at Sucuri, says that the scam uses underhanded methods to spread the advertisements as widely as possible.
“This has been a trending monetization method over the past year, and sharing a scam site without any other ‘malicious’ activity bundled with it is one of the ways the attackers are generating revenue,” writes Gramantik. “It’s still a scam, but one based on social engineering. This is a prime example of one of the oldest and most basic techniques – making people believe that they can get something for free.”
While the objective of this scam is less malicious than most, it highlights the enduring effectiveness of tried-and-true social engineering techniques. An employee who falls for this scam could easily be tricked into clicking on a link that steals their credentials or downloads malware onto their system. New-school security awareness training can give your employees the skills necessary to detect a wide range of social engineering attacks.
Threatpost has the story: https://threatpost.com/volkswagen-giveaway-scam-peddles-ad-networks/139731/