Have you received spam messages on Viber and WhatsApp this month? If you have, you’re not alone, as these messages are everywhere. Some, even, are in Irish.
Not the most sophisticated attack around, these messaging annoyances are becoming more and more common. That’s because modern communications technology is so easy to use, and dupe.
What’s happening, by and large, is this: some spammer wants you to click on a dodgy link, so he or she creates a group with huge numbers of people in it.
The message is sent to all, the spammer exits the group, and you’re left with a dodgy deal for not-at-all Ray-Ban sunglasses, or a way to make money quick.
For anyone who has received these messages, you can tell how it’s done by looking at the group you have been added to.
Often you can see it’s just a stream of people you don’t know, but who have a similar phone number to yours. It’s also originating from a number with +86, +91 or +13 at the start of it, with a significant spike in cases over the past two weeks catching the eye.
“The WhatsApp messages – when we first blogged about it, there actually was a way that you could block the senders,” says Cathal McDaid, part of Adaptivemobile’s malware spotting team.
Adding you to a group is a new tactic, though, because WhatsApp made changes. “It’s an arms race,” he says.
McDaid thinks it’s the same group behind both the attacks. The links go to the same place, the messages are almost identical, and the process is the same.
“We see other attacks that are very localised and targeted. They get better conversion rates for the spammers,” says McDaid, “but this is just sending en masse. You can be sure if it’s in Italy, they will get it in Italian. It’s all about numbers.”
The conversion rate of people clicking through to the links is probably incredibly low, with McDaid suggesting it would be one in every ten thousand, perhaps, but there are ways to try and increase that rate.
Social engineering is the main one. The attempt at social engineering in Ireland, however, was doomed from the get go.
The spammers basically tried localising their countrywide attacks. For Ireland, they thought ‘what better way to get victims than by speaking to the Irish in their own language’.
In theory, this may have seemed clever, but, in execution, they basically sent a message that not all of us could understand. The message, too, wasn’t perfect.
“No, if you take the Irish that’s in the messages and put it into Google Translate you will see that is basically what they did,” explains McDaid.
So what can be done? Well, nothing really. Don’t click on links you are unsure of. Don’t engage at all with these types of things.
“You could maybe report it to WhatsApp or Viber,” suggests McDaid, but this is a situation that will probably just keep evolving and reoccurring.
Main image, via Shutterstock