Get a free Volkswagen? Not so fast — it’s just another scam

As a general rule, anything promising free prizes on the Internet should be ignored. These scams have been around for years and seek to steal information that can be usually leveraged for financial gain (or possibly access to secure networks if a larger hack is being pursued). A recent campaign plaguing social networks, namely Facebook and WhatsApp, however, has been bucking this trend. While initially thought to be a typical phishing campaign surrounding a free Volkswagen contest, it appears that this particular campaign is seeking to gain financially via advertising.

In a post by the cybersecurity team at Sucuri, a fake free Volkswagen giveaway was found to not be quite what researchers thought at first. The campaign was discovered when a team member at Sucuri received a message on WhatsApp in Portuguese. The message directed users to a website that was for a giveaway of 20 Volkswagen cars by the end of the year. When researching the linked page, researchers expected to find typical signs of phishing for data (like forms requesting personal information and the like).

Instead, Sucuri team members uncovered a strange set of circumstances surrounding the Volkswagen giveaway that led them to make another conclusion. The conclusion is as follows:

The main purpose of the site is to request users to resend the campaign link to at least 20 friends on either Facebook Messenger or WhatsApp. Once the campaign has been shared, the scam authors promise to contact you on Facebook... The goal, in this case, seems to be a simple advertisement designed to spread to as many viewers as possible... After clicking one of the page objects, there’s a big chance you will be redirected to a third-party ad server. These redirects are random and lead to a different advertisement every time.

Based on all of this information, and also analyzing the JavaScript of the pages, it was determined that the scammers were trying to gain ad cash via an influx of page traffic. This is a very old strategy that, while not nearly as malicious as malvertising, it is still nefarious as it takes advantage of innocent people to make money. There is also the possibility that personal data, like IP addresses, are logged by the sites used. No matter what, use your head and avoid anything that seems too good to be true.

Featured image: Volkswagen

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Published by
Derek Kortepeter

Recent Posts

Office 365 is now Microsoft 365: Everything you need to know

Microsoft has rebranded various products in its Office 365 lineup as Microsoft 365. Here is…

45 mins ago

Ansible Automation Engine: Complete getting started guide

In this second article in our series, we will work on the Ansible Automation Engine…

18 hours ago

Microsoft Build 2020: All major announcements for developers

Microsoft Build 2020 included several announcements aimed at developers and the IT community. Here are…

22 hours ago

Dell unveils new PCs optimized for remote work

With remote work here to stay, companies are looking to supply employees with devices to…

1 day ago

Using Azure Active Directory Identity Protection to boost your security

Using Azure Active Directory Identity Protection will boost your security. This step-by-step guide shows you…

2 days ago

Review: Kemp Virtual LoadMaster load balancer

With many businesses requiring employees to work remotely, Kemp’s Virtual LoadMaster can help relieve many…

2 days ago