Users of WhatsApp, that popular texting service application for mobile devices, are warned of a new scam making rounds that may have started late last week. Below is a sample of what users are receiving:

Hey, have you heard about this? {URL redacted} Sainsburys its giving away £100
gift cards. They are expanding their store network and they launched this promotion.
Grab a gift card while it lasts. I got mine already.

The official Sainsbury’s Twitter account has already denied the legitimacy of the message and rightfully advised the user to simply delete or ignore the message without replying.

However, some users may find themselves ignoring their best judgments and clicking the URL anyway.

As of this writing, two scammy URLs have been circulated, which are as follows:

  • www[DOT]sainsburys[DOT]com-giftcard4u[DOT]com
  • www[DOT]sainsburys[DOT]com-ukgiftcards[DOT]com

Several reports say that once users click on either of these links, they are then tricked into giving away their personal information.

Thankfully, the above URLs are already taken down as of this writing. However, it’s possible that a similar campaign may still be ongoing but with scammers using a different URL. If so, it would be wise to heed Sainsbury’s advice and report such messages to the company. Furthermore, tell your WhatsApp contacts about the circulating scam so they are also in the know. This way, we lessen the number of users clicking links and getting their information stolen.

Speaking of questionable URLs, our Web Protection Team has provided us a list of URLs you may also want to avoid visiting and include them in your blacklist instead. Note that most of these provide actual download files of the WhatsApp app, but ask for user information in return:

  • 2016-whatsapp[DOT]win
  • fast-internets[DOT]com
  • getwhatsap[DOT]xyz
  • us[DOT]number-look[DOT]com
  • whats-app[DOT]website
  • whatsapp[DOT]so
  • whatsappactivation[DOT]com
  • whatsapplight[DOT]com
  • wifi-speed[DOT]com

Below are sample screenshots we captured of some of the sites:

This slideshow requires JavaScript.

Users of Malwarebytes, however, are already protected from these sites as we already block them.

Other related post(s):

Jovi Umawing (Thanks to Dashke)