A new case of Phishing involved the ROLEX company

June 8, 2021

A new Phishing attack occurred last week through thousands of messages on WhatsApp. This report was made by the antivirus company Panda Security.

To carry out this attack, the attackers announced a marketing 'campaign' of the Rolex brand in celebration of its hundred years. In other words, it was a phishing scam to deceive and steal the data of the victims.

Interestingly, the company is neither celebrating its centenary nor the links directing to its website.

The link said "you have a chance to get a free Rolex", which led users to a phishing page.

Intending to have greater success, the menaces were in charge of making the false page as true as possible.

How did the victims fall for this deception?

  • The web takes users to a form in which they enter their data and thus receive the supposed gift.
  • When you click on the link, the website installs an adblocker to prevent ads while browsing the web.
  • As a next step, after participating in the raffle, the requirements to receive the gift are sent by clicking on the link that will immediately install the malware on the devices.

Relevant details of the attack

  • The site was developed to collect as much information from visitors as possible.
  • After a more detailed analysis, it was discovered that in the design of the fake website it is used to introduce cookies that collect the profiles of the people who visit the page.
  • Other details added on the site are false comments, logos, the copy of the brand image, and stamps of institutions to make it 'legal'.

Source:

Pou Rodríguez, A. (June 07, 2021). Celebración de Rolex de su primer centenario: nueva estafa de phishing. Retrieved from: https://cybersecuritynews.es/celebracion-de-rolex-de-su-primer-centenario-nueva-estafa-de-phishing/

Authored by:

Jorge Daniel Tejeda