Many Facebook and WhatsApp users are receiving notifications claiming that someone sent them a surprise message.
The notifications feature an envelope icon along with a row of smileys and a website link.
Clicking on the notifications opens a dodgy webpage that asks you to supply your name in order to personalise a “greeting card”. The page then prompts you to click a button and share the “greeting card” with your friends via Facebook or WhatsApp.
Dozens of almost identical unsecure websites are being or have been used to distribute the messages. It appears that several of the sites have already been removed.
The exact motivation of those responsible for creating the sites remains a little unclear. Some reports suggest that the sites contain malicious scripts, although I have not been able to verify that claim after examining several versions.
Some of the sites prompt users to download a potentially malicious browser extension or redirect users to various suspect “offer” websites.
Others may be simply attempting to reach a wider audience and thus generate revenue via site advertising.
If you receive one of these messages, do not click on it. And, if you do end up on one of the websites, do not provide any information or click on any links.
Here’s a screenshot:
