WhatsApp gift scams from fake Amazon and Adidas websites spread on International Women’s Day

The websites have spelling errors and suspicious addresses, but offer high-end prizes to entice users

Adam Smith
Monday 08 March 2021 13:50 GMT
Comments
(AFP via Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Fraudulent offers – claiming to be sent from companies including Amazon, Adidas, and many others – are being spread through WhatsApp on international Women’s Day.

According to a report from the Cyber Peace Foundation, along with Autobot Infosec Private, the messages appear to promote a free gift in celebration of the day.

“Women’s Day Gift”, the scam website states; “More than 1000 units of chocolate and mobile equipment, as well as 500 cash prizes ranging from 50 to 5000 US dollars. All you have to do is open the correct gift box. You have 3 tries, good luck!”

The gifts include shoes, or high-end smartphones made by manufacturers such as Huawei, but are “kept really attractive to lure the laymen”, the report states.

Users are sent to bizarre websites with telling domain names indicating that they are unofficial, such as “.xyz” or .buzz”, and told they have won a prize. It then directs the user to complete a survey, asking questions such as: “Do you know amazon?, [sic]” and “Which amazon [sic] product do you want to buy as a Women’s Day gift??”, after which users are given three changes to collect their reward.

The websites have numerous grammatical errors, and encourage users to swap between multiple addresses, revealing their false origins.

The website addresses include “oovip”, “phonesvip”, “v-app”, “adidastore”, and “tatasamsung”. Underneath the websites is usually a social media comment section - which has also been faked - where many fake users have commented about their purported winnings.

Many of the websites were created in February or March, which is another hint towards their forged nature, as Amazon, Adidas, and Samsung’s websites have been in existence for longer than a few months.

The organisations found Chinese characters written in the source code, which translated into English state: “Answer the questions to get Valentine’s Day gifts. I participated in this questionnaire and won a mobile phone. My friend also won prizes”. This indicates that the same scam has been used on multiple holiday events.

The scammers’ campaign collects browser and system data from the device, and encourage the user to share the scam with others.

The report recommends “people to always keep away from such types of messages sent through social platforms”. It also says people should “always think before clicking on any links or downloading any attachments from unauthorised sources.”

Succumbing to such a scam could compromise users’ financial data if they logged in with banking information, or “could lead the users to face whole system compromisation”.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in