So goes this enticing teaser in a spam message sent on WhatsApp to investment groups in Singapore. Phishing and scam alert!
What if, as a subscriber of a robo-advisor service, you received a WhatsApp user named after the platform and informing you that it is “starting the publicity of D round financing and investment services” and you are invited to join a WhatsApp group with other investors?
The message says: “With this single investment, your money doubles in power, because every penny that goes into your pocket doubles in profit”. Would you think the message is legitimately from your robo-advisor vendor?
Many WhatsApp users not linked to the investment service also received the scam message. The robo-advisor platform, StashAway, has since advised its users that its WhatsApp business account has a green checkmark badge icon as proof that it is a verified account linked to a specific official phone number.
Details are scarce at this point, and police investigations are ongoing.
Scam alarms ringing
Such an unsolicited advertising message is obviously a scam or at least a violation of WhatsApp rules. Regardless, we should all be wary of unsolicited messages. According to Kaspersky’s General Manager (SEA) Yeo Siang Tiong, this incident happened last week, and signals the broadened scope of cybercriminal agenda to include not just banks but also fintechs.
Said Yeo: “In this instance, cyber criminals take the opportunity to lure victims through a tempting and seemingly real opportunity. Unsuspecting victims might not even think twice about trusting a message, especially when combined with the right buzzwords such as ‘your money doubles in power’ or ‘every penny… doubles in profit’, which can sound too good to be true.”
While there will be many who are able to recognize such messages as scams, we cannot overlook the fact that there will still be many who fall prey, or share such scam messages to others who may in turn fall prey, Yeo said.
“It is important for individuals to recognize that unsolicited messages from banks, telcos and in this instance, financial service providers should always be treated with suspicion. When making applications for any online service, individuals should be wary when the promised ‘benefits’ are not forthcoming, especially if you’re required to join another group chat, or be redirected to multiple sites when participating,” said Yeo.
Remember not to disclose personal particulars, banking and credit card details and one-time passwords online or via messages under any circumstance, he reiterated.