[FSec] More than 22 Thousand Finns Clicked WhatsApp Spam Today


Daavid, a senior researcher on our Threat Intelligence team, received two "Samsung Galaxy Pro" themed spam messages to his WhatsApp account this morning.

"Onneksi olkoon! Olet voittanut Samsung Galaxy Pro Tableting." Which translates as: Congraulations! You've won a Samsung Galaxy Pro Tablet. The message includes a link with a location from where you can supposedly redeem your prize, the middle of a golf course in central Finland, Paltamo Golf.

A somewhat funny coincidence; I enjoyed a very nice family lunch there last summer. I'm certain it doesn't have an +86 number. The +86 country code belongs to China. The 132 and 150 prefixes belong to two GSM based networks.

Using the info function of WhatsApp reveals a larger version of the profile picture.

And that image appears to have been pulled from some "Lotto24" campaign.

On an iPhone, a map was opened, the same as what happened with Windows Phone.

But on an Android device, the map linked to Chrome which followed a Google short-link to lotto24.fi.

The short-link metrics reveal that more 22,000 people (and counting) have clicked on the spam's link, almost all are from Finland.

(Click image to embiggen.)


Thanks to Daavid for the screenshots.

Post by — Sean
On 05/05/15 At 01:43 PM