Spotted in the wild

The scam using ‘Game’ in its name asks that you logon to a website where you need answer three basic questions and then forward the offer to at least 20 of your WhatsApp contacts in order to win one of the televisions that are being “donated for free after they were found to be scratched”.

The website used was configured in such a way that if the site was left active it began navigating to additional links in new tabs every few seconds. If the browsers you were using were fully patched, they will usually have prevented the potentially harmful content from loading.

In the ‘Woolworths’-branded campaign, the webpage template was poorly repurposed from a similar ‘Shoprite’ scam that had occurred previously with the images, website URL and most of the text simply changed. The perpetrator clearly didn’t pay too much attention to the changes that they had made as the browser and tab title bars still show the word ‘Shoprite’ in them.

The Adidas scam enforced an app download that was required after also sharing the link to 20 WhatsApp contacts. Feedback from individuals who unfortunately fell prey to this specific campaign stating that their Facebook account had also been hacked. The campaign appears to be able to exfiltrate account information from the victims’ devices.

Basically, if the information or gift campaign offer is not accessible from the genuine company’s website or instore, it’s likely to be fake. Threat actors are actively targeting popular stores and taking advantage of people’s needs to try and save as much as they can in these difficult economic times.