Tech News

The Easter egg on WhatsApp turned out to be a scam

Holidays, holidays and vacations are often occasions that cybercriminals take advantage of to orchestrate different scams.


They use some excuse linked to a special date and if the potential victims are unsuspecting they manage to convince them of downloading any malicious app or entering sensitive data on sites that pretend to be genuine but are not.

In this case a scam was identified by WhatsAppmainly, although it is also found in Instagram Y Facebook, in which you offer to participate in a contest to win an Easter egg, where a link is included that leads the user to a false page to steal information.


Sites promise access to free Easter egg or gif card. In all cases, users are asked to answer a survey and the message states that the contact who sent the message via WhatsApp has already received his prize, in order to give him credibility, according to the cybersecurity consultancy BTR Consulting.

The scam is not new, it has been circulating for about 5 years but on this date it was not only reactivated but also optimized to appear more credible.


Criminals seek to confuse users with real marketing campaigns from chocolate companies, that use the digital medium, to execute campaigns known as Worldwide Hide (World Treasure Hunt), which encourages users to hide a virtual Easter egg anywhere in the world and send a clue to someone who can look for the egg on the virtual world map.

The links seem to have started circulating last week in several countries around the world, in English and Spanish, using the most recognized brands that sell chocolate and Easter eggs.

When users open the link they are presented with a short list of questions to answer, which is then prompted for data entry. Thus, they enter a false website that requests personal information and in some cases the message is automatically shared with the potential victim’s contact list in order to make the deception go viral.


It is clearly an attempt to phishinga technique that seeks to keep personal data, usernames and passwords of various accounts, as well as bank or financial information. Users should avoid interacting with the message in any way and not enter any data or share the message further. In some cases, the scam includes fake Facebook and Instagram pages, impersonating the identity of the brands that manufacture chocolate, which encourages participants to register on a website and follow the steps to ‘verify’ their prize, “they explain from BTR Consulting.

You must always be careful not to trust promotions or product offers that add a link where the user is asked to enter confidential information and also share the supposed benefit with other people.

The scam modality is very similar to the one that went viral during the month of February for the Amazon International Women’s Day 2022 Giveaway.

What to keep in mind, as recommended by security specialists:

– Never deliver personal data, or username and password, bank account number or credit card number in any link that is accessed through messages, mail, etc. You have to be wary even when it comes from acquaintances and friends because they may simply be replicating, without knowing, a deception of which they were also victims.

– Verify on the web if there are complaints or victims

– Do not trust messages that arrive via WhatsApp that offer prizes and/or gifts

– Observe the URL of the web page, verify if it is an official site or if it is a cloned site.


Back to top button