WhatsApp scam messages give away fake £100 vouchers for Sainsbury’s and Topshop, steal people's data

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

WhatsApp users are receiving messages that look far too good to be true – and are just that. People are being hit by a sinister new hack that sees them offered free money and then actually leads them to have their data stolen.

The messages arriving on people’s phones look innocent, and appear to come from friends and family. They offer £100 of gift cards for shops like Sainsbury’s or Topshop, and usually claim that the sender has already claimed their £100.

But the messages are in fact a scam that could see people’s phone’s hijacked, their personal information stolen and their money being put at risk. The link in the message appears to be a way of claiming the £100, but actually is a way of getting hold of people’s phones.

Most of the messages read: “Hey have you heard about this? Sainsbury's is giving away £100 gift cards”, though some of them swap the name of the shop around. The rest of the message claims that the company is “extending” its “store network” and so giving away vouchers as a way of promoting themselves.

To actually claim that money, people are usually sent to a link that looks legitimate, including the supposed address of a Sainsbury’s website. But it is actually hidden, sending people to a fake link that will probably steal their information.

Clicking on any link is risky, and should only be done when the message is legitimate. Doing so can put people at risk in a variety of ways – the most common of which is phishing, where the website on the end of the link looks legitimate and asks for information like passwords, but actually sends that off to a hacker or somebody else malicious.

As such, people are being advised to beware of the malicious messages and never to click on the link. In fact, it is safest just to delete the message entirely, making sure that you’re never able to accidentally click on it.

As a rule, it’s best to assume that any link that’s ever sent to you is risky – especially if it’s sent through a text message or WhatsApp. You can make sure by looking at the address, and in extreme circumstances getting in touch with the company before giving away any information.