Instant messaging scams are nothing new. For years, scammers have used instant messaging platforms to, amongst other things, encourage victims to hand over personal information or to download unwanted or infected software.
What is new, however, is how scammers target their users.
Father’s Day is upon us, and the latest scam doing the rounds is a WhatsApp message allegedly originating from ScrewFix. Scammers have been targeting users with a fake advert, supposedly offering a free drill for Father’s Day. The message has a link attached to it. That link, if it works, takes the victim to a set of questions, encouraging them to hand over their personal data. The victim is then encouraged to share the link with their friends for a chance to win the free drill.
As expected, the scam has spread, with many contacting ScrewFix asking them if it is legitimate. ScrewFix has since posted on its Twitter account to address the situation – the supposed ‘giveaway’ has nothing to do with them: https://twitter.com/Screwfix/status/1537121884508233728
How do I know this exists? As it turns out, I received the exact message via WhatsApp from one of my contacts. Let’s analyse it.
The picture looks legitimate, and the logo is most certainly ScrewFix’s logo. A Father’s Day Giveaway for a drill may seem a little far-fetched, but what DIY enthusiast wouldn’t be attracted?
What we would probably expect now is a link to ScrewFix’s website. Maybe something like screwfix.com/fathersday2022competition? Or Screwfix.com/competitions/2022-fathers-day-giveaway? Instead, we see a link to tinyurl5.ru, followed by /n and a random string of numbers. This should immediately ring alarm bells: it isn’t a ScrewFix domain, the domain ends in .ru (Russia), and there is nothing about Father’s Day or a competition in the URL.
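The three warning signs above can be written down as a small check. The Python below is an added example, not part of the original post, and it goes slightly further than the text by matching subdomains properly; the function name, the keyword list and the sample links (including the placeholder digits after /n and the .invalid host) are made up for illustration.

```python
from urllib.parse import urlsplit

def check_brand_link(link, brand_domain, campaign_words):
    """Return the red flags for a link in a message claiming to be from brand_domain."""
    # Chat apps often show links without a scheme; add one so the host is parsed.
    if "://" not in link:
        link = "https://" + link
    parts = urlsplit(link)
    host = (parts.hostname or "").rstrip(".").lower()
    brand = brand_domain.lower()
    flags = []

    # 1. The host must be the brand's domain or a subdomain of it.
    #    A substring test is not enough: a host can contain the brand's
    #    name and still belong to somebody else.
    if host != brand and not host.endswith("." + brand):
        flags.append("host is not a " + brand + " domain: " + (host or "<none>"))

    # 2. The top-level domain is not the one the brand uses.
    brand_tld = brand.rsplit(".", 1)[-1]
    host_tld = host.rsplit(".", 1)[-1]
    if host_tld != brand_tld:
        flags.append("unexpected top-level domain: ." + host_tld)

    # 3. Nothing after the host relates to the advertised offer.
    rest = (parts.path + "?" + parts.query).lower()
    if not any(word in rest for word in campaign_words):
        flags.append("URL does not mention the offer")
    return flags

# Constructed sample links; the digits after /n are a placeholder.
WORDS = ["father", "competition", "giveaway"]
SAMPLES = [
    "screwfix.com/fathersday2022competition",
    "Screwfix.com/competitions/2022-fathers-day-giveaway",
    "https://tinyurl5.ru/n/000000",
    "screwfix.com.example.invalid/fathersday",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        found = check_brand_link(sample, "screwfix.com", WORDS)
        print(sample, "->", found or "no red flags")
```

A link with no red flags here is not proof that a message is genuine; the check only tells you when a link plainly does not belong to the company named in the message.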
As a test, in a controlled environment, I visited that link, and got the following:
So that link doesn’t work. However, there have been some reports of a questionnaire asking for personal information.
Immediately I called my contact to advise them. They were very thankful and they informed other contacts they’d forwarded the message to.
This, of course, is in no way limited to ScrewFix – scammers pretend to be many well-known companies, organisations and even government departments every day as part of their strategy to entice users to give away their personal and financial data. It is also not limited to instant messaging – emails, SMS and phone calls are still very popular methods.
What should you do if you receive this message, or one like it?
- Do not visit the link.
- Inform the person who sent it to you that you think they may have just sent a scam.
- Delete the message.
What should you do if you receive a message that looks like a scam?
- If in doubt, do not click any links that are included in the message. Look at the text, the images and the link. If something doesn’t look right, don’t take any action.
- Do not follow any instructions the message gives you.
- Instead, contact the organisation the message claims to come from – they will be able to help you decide whether or not the message is legitimate. If it isn’t legitimate, you are helping them help others who may fall victim to a scam.
- Delete the message.
Instant Messaging – Get Safe Online
Email – Get Safe Online
Mat Hasker is a web specialist, gamer, musician and writer