Netflix is an online media juggernaut. As noted by USA Today, the streaming service now has more than 93 million paying members worldwide. It’s no surprise that Netflix-based fraud is on the rise — who doesn’t want free access to the site’s catalog of movies and television?
According to We Live Security, a new WhatsApp scam is now making the rounds and playing on this very premise. Victims receive a message from trustworthy contacts with the promise of free media just a link away, but it’s nothing more than smoke and mirrors designed to steal mobile device information and spread the attack to new users. Even more worrisome, the scam is breaking the corporate network barrier.
The Business Benefit
WhatsApp offers two key benefits: naturally encrypted users and lower costs than SMS. As a result, more and more businesses are leveraging this messaging service to securely and efficiently communicate with remote workers and satellite offices.
Small Business Trends noted that companies can use the media-rich app for real-time customer service and to empower consumer feedback. Given that WhatsApp messages have an open rate around 70 percent, companies have a better chance reaching out through messaging services than traditional phone calls or survey emails.
According to Business Insider, there are strong indications that WhatsApp plans to roll out an enterprise-focused version of its service, which would contain corporate message templates and the ability to send messages in multiple languages. Recently, WhatsApp added encryption to its iCloud backups, TechCrunch noted, giving further credence to the idea that an enterprise-focused push may be on the horizon.
While it remains consumer-focused, more businesses are seeing the advantages of incorporating WhatsApp as part of their mobile strategies.
What’s Up With This WhatsApp Scam?
The growing network of WhatApps users — both customer and corporate — present an ideal opportunity for fraudsters. This growth set the scene for the Netflix scam.
It goes like this: Users receive a message from trusted contacts claiming they can get free Netflix for a year. At first glance, the link looks legitimate, but closer inspection of the shortened URL shows it redirects to somewhere else. Still, the destination looks like a Netflix splash page; it even detects user language preferences and automatically adapts.
Victims are told to share the fraudulent link 10 times and then are redirected again to a final step that will supposedly grant total access. It never does. Instead, scammers are mining mobile devices for data, sending SMS messages to premium numbers and encouraging users to download malicious apps. This way, attackers get the double benefit of new data to exploit and a continually expanding network of attacks.
CNET reported that another WhatsApp scam is making the rounds. This one promises a new version of the app in different colors. The link looks legitimate, but three of the letters are lifted from the Cyrillic alphabet rather than English. Just like the Netflix version, victims are asked to share the link among friends, but are then told to download a new Google Chrome extension. Unsurprisingly, it’s adware.
Update Network Security Policies
While attackers can’t use WhatsApp to send viruses via encrypted messages, they’re leveraging spam and social engineering techniques to spread data mining efforts and obtain device information.
For companies now tapping WhatsApp for secure corporate messaging, this demands a network policy update. Don’t share links that aren’t related to work and ignore demands to download third-party apps.
Put simply, it’s a scam: Free Netflix isn’t happening.