The hijacking of WhatsApp profiles has become one of the favorite scams of Brazilian cybercrime. Most of the time, the fraudster approaches the victim by phone call, using different pretexts (such as supposed invitations to closed parties or participation in scientific research) to convince them to hand over the code received via SMS. This code, as we all know, is the messenger's confirmation token, and giving it up means handing your profile to the miscreant.
Over the past two weeks, The Hack has found, exclusively, that criminals are using a very creative new method to deceive unwary Internet users: they are impersonating famous brands on Instagram, especially companies that manufacture and sell white goods (refrigerators, stoves, washing machines, etc.).
It works like this: the scammer registers an account impersonating the technical support of the company in question, adopting usernames and profile pictures that closely resemble the originals. They then monitor the manufacturers' real profiles, looking for comments from internet users who have some kind of technical problem to be solved. At that point the miscreants get in touch via direct message and start setting the trap.
Something is not right …
In our investigations, we noticed that three brands are the most affected: Consul, Electrolux and Brastemp. To test how the scammers operate, we left false comments complaining about fictitious problems on the official profiles of the three companies. The first attempt was focused on Electrolux, and it took less than 24 hours after a comment was posted for a malicious profile to contact us privately.
The profile in question was @electrolux_ofc and, in texts filled with punctuation errors, it asked for our phone number to check if we were the “legal guardians” for the matter. After we passed on the number, we received the WhatsApp verification code.
It only took a few minutes of research to find similar problems affecting Brastemp (with fake profiles like @suporte.brastemp.br and @brastemp_atendimentos_br) and Consul. In the latter case, we even found a complaint from a consumer who also claims to have been approached by scammers after leaving a complaint on the brand's real profile on Instagram itself.
It was bad, it’s getting worse
We are dealing here with a classic digital presence management problem (or digital footprints, as some like to call it). Basically, it is the company's responsibility to identify malicious uses of its intellectual and representative properties (logos, name and visual elements) and to take appropriate measures to protect its consumers, reducing the level of noise in communication.
“We have seen a significant increase in the number of cases of false profiles, largely due to the social distance between consumers and physical companies, which has made this space filled by digital interactions. Criminals realized the existence of an opportunity and started to launch attacks that try to appropriate this space,” explains Fabio Ramos, CEO of Axur, a company specialized in monitoring digital presence.
According to the executive, some companies are “relapsed” about occupying this digital space, which makes things easier for the miscreants. “They not only create fake profiles, but also approach people who follow official profiles to make proposals such as payment of slips, promotions etc. The consumer ends up believing, because their timing is very good,” adds the executive, who also advises that companies must actively monitor the use of their brand on the internet.
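The active brand monitoring recommended above can start with a simple triage of account handles that mention the brand. The sketch below is an added example, not code from The Hack or Axur: the allowlist of official handles is a placeholder assumption, and the sample handles are the three reported in this article plus constructed ones.

```python
import re
import unicodedata

# Assumption: placeholder allowlist; fill in the brand's verified handles.
OFFICIAL = {"electrolux": {"electrolux"}, "brastemp": {"brastemp"}, "consul": {"consul"}}
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})  # undo digit swaps

def normalize(handle):
    """Lowercase, strip accents, undo digit swaps, drop separators and digits."""
    text = unicodedata.normalize("NFKD", handle.lstrip("@ ").lower())
    text = "".join(c for c in text if not unicodedata.combining(c))
    return re.sub(r"[^a-z]", "", text.translate(FOLD))

def edit_distance(a, b):
    prev = list(range(len(b) + 1))  # Levenshtein distance, one row at a time
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def brand_hit(norm, brand):
    """'contains' if the brand appears verbatim, 'near' if a window is one edit away."""
    if brand in norm:
        return "contains"
    max_dist = 1 if len(brand) >= 8 else 0  # short names: one-edit matching is too noisy
    for size in (len(brand) - 1, len(brand), len(brand) + 1):
        for i in range(len(norm) - size + 1):
            if edit_distance(norm[i:i + size], brand) <= max_dist:
                return "near"
    return None

def classify(handle):
    """Return (brand, verdict) for one account handle."""
    raw = handle.lstrip("@ ").lower()
    for brand, official in OFFICIAL.items():
        if raw in official:
            return brand, "official"
        hit = brand_hit(normalize(handle), brand)
        if hit:
            return brand, "lookalike-" + hit
    return None, "unrelated"

if __name__ == "__main__":
    # First three handles are from the article; the last three are constructed samples.
    for h in ["@electrolux_ofc", "@suporte.brastemp.br", "@brastemp_atendimentos_br",
              "@e1ectr0lux.suporte", "@eletrolux_sac", "@maria.silva"]:
        print(h, classify(h))
```

A hit is only a candidate for human review before a takedown request: substring matching will also flag unrelated accounts whose names happen to contain a short brand such as “consul”.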
What do brands have to say?
In fact, in our three tests, the scammers were quicker to approach us than the official company profiles. The Hack contacted the Whirlpool Group (responsible for the Brastemp and Consul brands), but we did not get a response. Electrolux sent us the following official statement:
Electrolux envisages, in its protocol, informing the competent authorities and taking all necessary legal measures. Aware of the cyber attacks, the company requested the deactivation of the fake profiles, which come to approach its consumers, for the responsible entities.
In its official channels, Electrolux has professionals prepared to provide support in these cases, and remains cooperating with the investigations.
The company advises its consumers not to respond to approaches that come from unofficial channels.
See the original post at: https://thehack.com.br/investigamos-criminosos-personificam-marcas-no-instagram-para-sequestrar-perfis-no-whatsapp/?rand=48873