You’re scrolling through Facebook and receive a message notification. You open it and see it’s from Volkswagen, claiming that the company will be giving away 20 free vehicles before the end of the year. If you think you’re about to win a new car, think again. This is likely a fake Volkswagen phishing scam, which has been circulating social media channels like WhatsApp and Facebook, enticing hopeful users looking to acquire a new ride.
This fake Volkswagen campaign works differently than your typical phishing scam. The targeted user receives the message via WhatsApp or Facebook and is prompted to click on the link to participate in the contest. But instead of attempting to collect personal or financial information, the link simply redirects the victim to what appears to be a standard campaign site in Portuguese. When the victim clicks the buttons on the website, they are redirected to a third-party advertising site asking them to share the contest link with 20 of their friends. The scam authors, under the guise of being associated with Volkswagen, promise to contact the victims via Facebook once this task is completed.
As of now, we haven’t seen indicators that participants have been infected by malicious software or had any personal information stolen as a result of this scam. But because the campaign link redirects users to ad servers, the scam authors are able to maximize revenue for the advertising network. This encourages malicious third-party advertisers to continue these schemes in order to make a profit.
The holidays in particular are a convenient time for cybercriminals to create more scams like this one, as users look to social media for online shopping inspiration. Because schemes such as this could potentially be profitable for cybercriminals, it is unlikely that phishing scams spread via social media will let up. Luckily, we’ve outlined the following tips to help dodge fake online giveaways:
- Avoid interacting with suspicious messages. If you receive a message from a company asking you to enter a contest or share a certain link, it is safe to assume that the sender is not from the actual company. Err on the side of caution and don’t respond to the message. If you want to see if a company is actually having a sale, it is best to just go directly to their official site to get more information.
- Be careful what you click on. If you receive a message in an unfamiliar language, one that contains typos, or one that makes claims that seem too good to be true, avoid clicking on any attached links.
- Stay secure while you browse online. Security solutions like McAfee WebAdvisor can help safeguard you from malware and warn you of phishing attempts so you can connect with confidence.
And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.