“Free Money” WhatsApp Scam

ⓘ This advisory addresses an uptick in “free money” scams on WhatsApp.

Attention constituent: 

CIRT-BS is observing an uptick in “free money” scams on WhatsApp involving threat actors impersonating the “Ministry of Labour and [Public Service]” and offering mobile device “top-ups” to solicit personally identifiable information like internet protocol (IP) addresses and telephone numbers from members of the general public.

Reported screenshots of "free money" scam WhatsApp messages from malicious actors containing spoofed URLs and strange hyperlinks

In the attacks, actors are sending various WhatsApp messages with malicious URLs; one message advises recipients that they are entitled to a particular amount of money from the government based on their employment history, and another claims that they can win “top-ups” from a telecommunications provider of their choice. Once on the webpage, the user receives a prompt to enter their telephone contact information and “share” the scam with a particular number of contacts to claim the money. On the webpage, threat actors gather information on the user’s network and phone contact, which they can exploit in a future attack. The additional sharing of the scam is causing it to become widespread across The Bahamas. Manufactured comments on the webpage also cause the scam to appear more legitimate than it is.

Fraudulent websites soliciting personal identifiable information including a spoofed version of the Ministry of Economic Affairs and the U.S. Department of Homeland Security.

CIRT-BS wishes to advise the public that these attacks are fraudulent and that they should contact the impersonated organisations directly through their official means of contact to verify any unusual communications and promotions.

What to Do in this Situation
  1. Verify communication. While unlikely, if you believe you are receiving a legitimate WhatsApp message about owed money or giveaways, contact the organisation through its official means of communication to verify.
  2. Do not engage. If you receive a message about owed money or a giveaway asking you to click a link, do not click it (especially if the URL is strange or unclear). Advise the sender to follow suit, delete the message (to avoid accidental clicking), and refrain from further sharing.
  3. Report. Remain vigilant, especially when entering personal information, and report “free money” scams on WhatsApp directly to WhatsApp by “long-pressing” the message, selecting “More…” and “Report.” Additionally, you can report scams to https://www.cirt.bs/report/.

 

Best,

Scroll to Top
Skip to content