A new theft alert was released on social networks. Through Facebook and WhatsAppthe criminals are promoting a fake contest using the 60 years of the Toyota brand as an excuse.
ESETa cybersecurity company, is in charge of issuing the warning after finding false profiles on the two aforementioned platforms promoting this raffle.
It may interest you: Apple updates Safari due to security flaws and a configuration should be done soon
How is the fake contest deception
Through these profiles, a message is spread indicating that they are raffling 600 cars for the 60th anniversary of the automobile company.
The next step is to invite users to enter a web page, which has a URL that has nothing to do with the brand.
Upon entering it is a site with various visual elements that fool people into believing it is real, such as logos and false testimonials from other winners.
The first request is to complete a four-question survey for an alleged Verification process and then show the dynamics with which the vehicles will be raffled off, which is through the choice of options where one of them hides the gift.
It may interest you: New modality of theft: they ask for a change of mobile operator to steal money from users
The first attempt will show the user a message that they have not been lucky, but the second attempt will always win the supposed car no matter what their choice is.
To receive the gift, the person must share the draw with 20 different contacts or with five groups in WhatsApp. “This is to get the campaign distributed among the victims’ contacts and is a common requirement in this type of fraud,” ESET reported.
Finally, after sharing the link, the request is made to download an application through another web page to which the victim is taken on the condition of completing the process to receive the gift.
It may interest you: Reddit was hacked and there are doubts about user data
The person is taken to Google Play Store and the app that they invite to download is Cryptomania Simulatorwhich does not have a known reputation and is presented as a simulator to enter the world of cryptocurrencies, so it is not known what the scope of this application is and the damage it can do to the phone.
“As we have seen on different occasions, although the main recommendation when downloading an app is to do it from official stores, cybercriminals often manage to get past the security barriers used by these platforms and manage to publish malicious apps that contain malware or that are used for unclear purposes”, assured Camilo Gutierrez Amayahead of the ESET Latin America research laboratory.
It may interest you: Five cybercrime practices that can grow with artificial intelligence
Toyota It has already published several statements to warn of this situation. So the recommendation is not to access these types of promotions if they are not directly from the official channels of the brands, in addition to stopping the forwarding of the links to cut the chain of deception and prevent others from falling.
“We remember the importance of not entering our personal data on suspicious or unknown sites or those that we arrived at unexpectedly. When in doubt about an offer, raffle or benefit, visit official channels, such as verified profiles, the website, or contact by phone to verify that they are legitimate campaigns,” the cybersecurity company recommends.