Many Facebook and WhatsApp users are receiving notifications claiming that someone sent them a surprise message.
The notifications feature an envelope icon along with a row of smileys and a website link.
Clicking on the notifications opens a dodgy webpage that asks you to supply your name in order to personalise a “greeting card”. The page then prompts you to click a button and share the “greeting card” with your friends via Facebook or WhatsApp.
Dozens of almost identical unsecure websites are being or have been used to distribute the messages. It appears that several of the sites have already been removed.The exact motivation of those responsible for creating the sites remains a little unclear. Some reports suggest that the sites contain malicious scripts, although I have not been able to verify that claim after examining several versions.
Some of the sites prompt users to download a potentially malicious browser extension or redirect users to various suspect “offer” websites.
Others may be simply attempting to reach a wider audience and thus generate revenue via site advertising.
If you receive one of these messages, do not click on it. And, if you do end up on one of the websites, do not provide any information or click on any links.
Here’s a screenshot:
Since you’ve read this far…
…can I ask you for a big favour?To enhance your privacy and security and offer you a better user experience, Hoax-Slayer is now ad-free. To keep the site online, I now rely on voluntary contributions from site visitors along with commissions from a few trusted products and services that I promote via reviews on the site.
If you found the above report useful, please consider supporting Hoax-Slayer by making a donation. Any amount you can give will be greatly appreciated.
You can donate using your credit card via the form below. Donations are collected securely via the online payment service Stripe. Stripe uses state of the art security to keep your data safe.
Thank-you.
Brett Christensen
