If you take part in this “competition”, then really lay an egg in your nest…
Hands off if a chocolate Easter bunny from Milka smiles at you from your Whatsapp chats today or in the coming days!
A phishing attack disguised as an Easter surprise has recently been spreading via the popular messenger. It’s extremely annoying – and by the way, our data could also end up in the completely wrong hands.
In the current case, fraudsters have laid out a raffle bait: The Milka purple, a green meadow and some Milka products are shown. In addition, the slogan “Let’s make Easter more delicate.” Via an attached link one is supposed to take part in the alleged competition and thus secure one of 5000 free gifts.
Grammar mistakes and cryptic links: This is the bait scammers use to get your data
Everything looks real at first – but if you take a closer look, you will be suspicious: A grammatical error (“Free Easter gift baskets” instead of the correct “Free Easter gift baskets”) has crept into the lock text.
Even more striking: The URL has absolutely nothing to do with the Milka brand and does not refer to an official competition. Milka therefore also warns on the official Website before this and other fakes:
In various media, consumers are often informed about bogus Milka competitions! These are click baits that lead to a sweepstakes. These actions are not from our house. Our Milka brand has no connection with these competitions. They only pursue the purpose of obtaining personal data in order to contact the participants afterwards.
Milka also points out that real competitions can always be identified by the sender Milka or Mondelez (US food company with German headquarters in Bremen).
If the sender information is not recognizable or important additions such as conditions of participation are missing, says Milka, the company advises against providing personal data.
That’s what security experts recommend for smartphone spam
But what happens if I gullibly or accidentally clicked on the Milka link or another spam link? The IT security consulting team of the it.sec/SITS Group (Wiesbaden) answers the most important questions for BILD.
BILD: What happens if the spam link is clicked?
SITS Group: “In the worst case, your device can be taken over. This applies to all devices, such as PCs, but also smartphones. If such a link is opened, the attacker has access to everything – saved passwords, messages, images, documents. He could also remain hidden on the device and wait until, for example, a banking password is entered.”
Experts explain that sensitive data such as access or credit card data could then be used for identity theft or credit card fraud – or simply resold.
How do I recognize spam?
SITS Group: “In this case, it is specifically the URL that is not related to Milka. It is also important that the display text of the URL (which you can see here) can be different than the actual URL. You can see that on the PC, for example, if you move the mouse over the link – but of course you don’t click!”
What information does the URL ending “.ru” give about the suspected perpetrators, for example in terms of whereabouts?
SITS Group: “Unfortunately none. Anyone can buy any country code domain. Therefore we suspect that the perpetrator in this case is NOT from Russia. So either the perpetrator is very bad at hiding his origins or very good.”
What if I received such a message and, in the worst case, clicked on it?
SITS Group: “If it is a company device, you should report the case directly to the responsible IT department. They can then check more precisely what exactly is happening on the link. For private use: If any passwords or credit card details have been entered, you should immediately have the card blocked and/or change the password.”
Another tip from the experts: Always be careful online if something is supposed to be free…