Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

WhatsApp scam messages give away fake £100 vouchers for Sainsbury’s and Topshop, steal people's data

It's safest just to assume that any message you receive is risky at best

Andrew Griffin
Wednesday 26 October 2016 17:31 BST
The Facebook and WhatsApp applications' icons are displayed on a smartphone on February 20, 2014 in Rome
The Facebook and WhatsApp applications' icons are displayed on a smartphone on February 20, 2014 in Rome (AFP/Getty)

WhatsApp users are receiving messages that look far too good to be true – and are just that. People are being hit by a sinister new hack that sees them offered free money and then actually leads them to have their data stolen.

The messages arriving on people’s phones look innocent, and appear to come from friends and family. They offer £100 of gift cards for shops like Sainsbury’s or Topshop, and usually claim that the sender has already claimed their £100.

But the messages are in fact a scam that could see people’s phone’s hijacked, their personal information stolen and their money being put at risk. The link in the message appears to be a way of claiming the £100, but actually is a way of getting hold of people’s phones.

Most of the messages read: “Hey have you heard about this? Sainsbury's is giving away £100 gift cards”, though some of them swap the name of the shop around. The rest of the message claims that the company is “extending” its “store network” and so giving away vouchers as a way of promoting themselves.

To actually claim that money, people are usually sent to a link that looks legitimate, including the supposed address of a Sainsbury’s website. But it is actually hidden, sending people to a fake link that will probably steal their information.

Clicking on any link is risky, and should only be done when the message is legitimate. Doing so can put people at risk in a variety of ways – the most common of which is phishing, where the website on the end of the link looks legitimate and asks for information like passwords, but actually sends that off to a hacker or somebody else malicious.

As such, people are being advised to beware of the malicious messages and never to click on the link. In fact, it is safest just to delete the message entirely, making sure that you’re never able to accidentally click on it.

As a rule, it’s best to assume that any link that’s ever sent to you is risky – especially if it’s sent through a text message or WhatsApp. You can make sure by looking at the address, and in extreme circumstances getting in touch with the company before giving away any information.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in