Scammers released a salary offer of R$ 12,000 for people to download the fake “Threads Lucrativo” application. The material began to circulate on the 7th and promised money for likes and comments.
This was the first fraud in Portuguese on Instagram’s new social network, Threads, confirmed by cybersecurity company Kaspersky.
The alleged smartphone app is sold for R$ 147. The website, which is still online, shows logos from Google’s Play Store and Apple’s App Store, to give verisimilitude to the hoax.
The company found more than 200 suspicious links on the platform in 24 hours of mapping. Scammers used the anticipation of the launch of the network as bait to spread fake sites that serve to steal money and data. The scam is known as phishing – in reference to the verb to fish in English.
This wave is similar to the one registered at the Pix launch, according to Fabio Assolini, director of Kaspersky’s Global Research and Analysis Team for Latin America. “Criminals use any device to reach their goal and the most common is monetization, that is, robbing victims.”
Brazil ranks third in the world for social media consumption, according to audience metrics consultancy Comscore. It is natural for fraudsters to take advantage of this space, according to Assolini.
The fraud is similar to one reported by Chinese clothing retailer Shein in April. At least nine influencers promoted a fake website referring to the name of the marketplace with an easy money offer. The address actually collected data that made a banking scam possible.
Although the offer of money for engagement seems absurd, there are real websites that pay fractions of a cent for likes and comments on social networks. These platforms are known as click farms.
A 2020 UEL (State University of Londrina) study shows the operation of eight platforms that recruit people for the role of “human bots” in boosting content on social networks. The rules of the main social networks veto this behavior, which can be punished with a ban.
The E2A and Earn on Networks click farms do not, however, charge for registration or downloading applications, such as the fake app “Threads Lucrativo.”
Scam posts and messages aim to steal logins and passwords. Paying attention to the website address is an essential step in preventing fraud. Names may have misspellings or other signs of forgery. Secure sites also feature a padlock to the left of the name.
The original Threads website, not yet operational, is threads.net.
Kaspersky has so far identified the following suspicious addresses:
HOW TO VERIFY SITE PROCEDURE
In addition to checking for spelling errors or replacing letters with numbers in the address, people should prioritize official Google and Apple websites and apps to download apps on their cell phones.
Official websites always start with the name of the institution. “The absence of the name is always an important scam alert”, warns Kaspersky.
Kaspersky, McAphee and other security companies also offer services to verify the origin of the website. The basic version of Kaspersky’s intelligence portal is free and can be accessed at this link.
Antiviruses installed on computers and cell phones also block access to fake websites.
Using strong, unique passwords for each account and enabling two-factor authentication also prevents scams.
Password managers such as 1Password, Kaspersky Password Manager and LastPass allow you to store different passwords in a single account and avoid problems arising from forgetting them.