If someone offered you the opportunity to secretly read your friends’ instant messages without being detected, would you want to do that? You could spy on your significant other, or your friends and coworkers—and no one would be the wiser. All you have to do is go to a discreet website and provide your cell phone number so you can receive a private key to download the spying software.
You could say that the offer above is a new form of phishing and it hooked more than 11,000 people who collectively lost more than $53,000 to a scammer in Spain. This is according to the Spanish news service EFE.
The guy that dreamed up the scam created advertisements on social media that offered to provide a fictitious app called WhatsAppSpy, a play on the real instant messaging service WhatsApp. The supposed spy software would allow a person to view messages that others sent via the legitimate messaging service. To get the spy software, the person had to go to a WhatsAppSpy webpage to sign up. That site redirected them to another site that requested their phone number in order to send them a code to download the spy app directly onto their device.
And here’s where the scammer set the hook. By entering their phone number, the person actually subscribed to a premium messaging service that sent the unsuspecting victim advertisements with costs ranging from $2 to $10. The scammer earned money from the messaging service as a referral fee for each victim that signed up.
In two months time, the scammer had amounted more than $53,000. He got busted when people started discussing this scam on social media and the police investigated the source of the scam and pulled the plug on his little operation.
The individuals who fell for the scam only lost a few dollars each, and no one reported it to the police. Perhaps they were too embarrassed to say they were trying to download spyware in order to read others’ messages. The guy probably wouldn’t have gotten caught if he had taken a tip from cyber thieves: do your scam, make your money, and move on before you can be tracked.
This just goes to show that scams don’t have to be high tech to get people to fall for a social engineering attack.
- About Corero
- Investor Relations
- News Room
- Executive Management Team
- Corero Offices
- Contact Us