Get a free Volkswagen? Not so fast — it’s just another scam

As a general rule, anything promising free prizes on the Internet should be ignored. These scams have been around for years and seek to steal information that can usually be leveraged for financial gain (or possibly for access to secure networks if a larger hack is being pursued). A recent campaign plaguing social networks, namely Facebook and WhatsApp, has been bucking this trend, however. While it was initially thought to be a typical phishing campaign built around a free Volkswagen contest, it appears that this particular campaign seeks to profit via advertising.

In a post by the cybersecurity team at Sucuri, a fake free Volkswagen giveaway was found to be not quite what researchers thought at first. The campaign was discovered when a team member at Sucuri received a message on WhatsApp in Portuguese. The message directed users to a website advertising a giveaway of 20 Volkswagen cars by the end of the year. When researching the linked page, researchers expected to find typical signs of phishing for data, such as forms requesting personal information.

Instead, Sucuri team members uncovered a strange set of circumstances surrounding the Volkswagen giveaway that led them to a different conclusion:

The main purpose of the site is to request users to resend the campaign link to at least 20 friends on either Facebook Messenger or WhatsApp. Once the campaign has been shared, the scam authors promise to contact you on Facebook... The goal, in this case, seems to be a simple advertisement designed to spread to as many viewers as possible... After clicking one of the page objects, there’s a big chance you will be redirected to a third-party ad server. These redirects are random and lead to a different advertisement every time.

Based on all of this information, and on analysis of the pages' JavaScript, it was determined that the scammers were trying to earn ad revenue from an influx of page traffic. This is a very old strategy that, while not nearly as malicious as malvertising, is still nefarious because it takes advantage of innocent people to make money. There is also the possibility that personal data, like IP addresses, is logged by the sites used. No matter what, use your head and avoid anything that seems too good to be true.

Featured image: Volkswagen

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regard to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
