Site icon Sophos News

How to spot a social media hoax

Well, well, well, if it isn’t the WhatsApp Gold/’martinelli’ video scam, back again, as half-bunk and half-real-threat as ever.

Excellent! It’s a great opportunity to offer some advice on pulling the rug out from under these and other scammers. For the dissection of Gold/martinelli, read on. For some advice to forward to the prey of the scammers, jump on further down!

The current bunk

As Snopes tells it, the WhatsApp Gold scam messages have been kicking around since at least 2016 in varyingly worded messages, claiming that some new “premium service” would get users extra goodies, such as video calling and new emojis.

Hey Finally Secret WhatsApp golden version has been leaked, This version is used only by big celebrities. Now we can use it too.

Users who clicked on the link got no goodies. They got baddies, in the form of a malware-rigged, non-WhatsApp website. The malware, nicknamed WhatsApp Gold, was designed to break into phones and steal victims’ messages and other private data.

Bad enough, eh? Well, the mad cyber scientists decided to make it a bit more poisonous when they wrapped a true warning about the real WhatsApp Gold malware around a bogus warning about a fictional video called martinelli.

This scam burrito has been getting passed around since at least mid-2017, picking up only minor word swaps but still refusing to unglue its death-grip on arbitrary, proofreader-taunting, inappropriate spaces around punctuation.

The version we saw in November:

If you know anyone using WhatsApp you might pass on this. An IT colleague has advised that a video comes out tomorrow from WhatsApp called martinelli do not open it , it hacks your phone and nothing will fix it. Spread the word. If you receive a message to update the Whatsapp to Whatsapp Gold, do not click !!!!!
Now said on the news this virus is difficult and severe

Pass it on to all

According to multiple news outlets, that sage, fictional “IT colleague” is back again, once again babbling about this equally fictional martinelli video.

That’s just fine, you scammers. We’re back again, too, you purveyors of WhatsApp Fool’s Gold. We’re here to tell you how to spot these hoaxes. Sage IT colleague types, please do enlighten the not-so-IT-savvy among you with these nuggets.

How to spot WhatsApp hoaxes

Atrocious punctuation and feeble English are common in phishing/spam/hoax messages, but we need more tools than that to discern when something’s a threat. After all, it’s not a given that a) non-threat-actors (as in, our friends) know how to use commas, et al., or b) scammers don’t use proper English and punctuation. To that end, keep an eye out for these elements on top of funky, clunky English:

Call to action. As Sophos’s John Shier has noted in an excellent “Phish or legit?” walk-through, most phishing campaigns snap their fingers at you.

Scam WhatsApp messages and Facebook hoaxes have a call to action, too: they urge readers to copy/paste the warning and forward it to others. It’s meant to add a sense of urgency to the message and compel you to do something.

The threat. As WhatsApp notes in its FAQ about hoax messages, hoaxers often claim you can avoid punishment, such as account suspension, if you forward the message. A sender might imply that they have the law on their side, and that they’ll use their law enforcement affiliations should you be up to something dodgy.

In the case of WhatsApp Gold/martinelli, the “threat” is from a (nonexistent) video, and that you shouldn’t click on a link urging you to update Whatsapp to Whatsapp Gold (true!), lest your phone get hacked.

Authority figures. To make the threat convincing, hoaxers often sprinkle in references to voices of authority. If it’s not the cops, it’s that Gold/martinelli “IT colleague”. Way, way too often, friends will pass on these words from purported experts, or police, or the tax authorities, reasoning that “it can’t hurt.”

And after you’ve spotted the Gold/martinelli or any other hoax…

Don’t forward. Just simply warn them without the forward. Consider doing it by private message. After all, if you comment on, say, a Facebook post itself, you’re adding to its page ranking, pushing it all that much closer to going viral.

Like Sophos’s Paul Ducklin said in a recent video, it can do us harm when we copy, paste and spread somebody else’s lies. It hurts our reputations and our accountability. Who needs that?

Arm yourself against WhatsApp Gold malware

Staying safe online means keeping out all the malware that’s out there, not just the one or two rogue applications you hear about via friends’ WhatsApp messages.

Instead, just follow some simple advice to keep your phone secure, and advise your friends and family to do the same:

Exit mobile version