Heineken beer WhatsApp virus infecting thousand of mobile phones; how it spreads?

Social distancing due to coronavirus is generating unimaginable cybersecurity consequences, computer forensics experts say. One example is the UK, which is entering its fourth week of isolation, so thousands of pubs and bars remain closed and making it difficult for citizens to get some alcohol.

Apparently a scammer, or group of scammers, is trying to take advantage of that, creating social media accounts allegedly operated by the popular Dutch-based brewing company Heineken. Those threat actors deceive unsuspecting users by claiming that they can send them free beer kegs for the purpose of extracting their personal data.

Over the most recent days, this scam has become popular, especially on platforms like WhatsApp. This ruse consists of a phishing campaign that seeks to extract the personal information of hundreds of individuals for malicious purposes; although this campaign was detected a couple of years ago, since then only one person has suffered theft from their bank account, computer forensics experts mention.

Through WhatsApp, potential victims receive a message about an alleged promotion in which Heineken is giving away beer kegs. The message invites the user to click on a link that redirects to a fraudulent site called “Heineken Stay At Home with 4 FREE beer kegs”. The user will then be shown a form to be one of the winners of this promotion.

Although computer forensics experts first detected the scam in 2018, threat actors took the time to update the content of their fraudulent pages, linking it to the issue of coronavirus and the isolation campaign undertaken by governments around the world. In other words, hackers claim that beer will be given away to people who stay at home.

When the first phishing campaign was detected, Heineken published the following statement: “The alleged promotion in which beer kegs are offered is a scam and is not related to Heineken”. The company is expected to rule on this new incident shortly.

Experts at the International Institute of Cyber Security (IICS) mention that phishing remains one of the most widely used attack methods, requiring few resources and technical knowledge, and it is relatively easy to mislead users less familiar with information security issues.