The alleged Milka competition on Whatsapp is a brazen attempt at fraud

Subscription traps and Trojans
Harmful Whatsapp chain letter promises Milka lottery – this is how you recognize attempts at fraud

04/07/2022, 4:10 p.m

3 min reading time

“Free Easter gift baskets from Milka – 5000 free gifts for you” – that’s what it says in thousands of Whatsapp chats. But what sounds like the perfect competition for the Easter season turns out to be an attempt to lure the recipient into a subscription trap and, in the best case, to leave behind a Trojan.

Even Milka manufacturer Mondelez warns: “In various media, consumers are often informed about false Milka competitions! These are click baits that lead to a competition. These promotions are not from our company. Our Milka brand stands out with these competitions in no context. They only pursue the purpose of obtaining personal data in order to contact the participants afterwards.”

What happens when you click?

As soon as you tap the message, you will be sent to the Russian domain “wp20.ru”. The perfidious thing about the Milka scam: the competition doesn’t end there, but first of all you are asked to answer questions. The original message should then be forwarded to 20 contacts in order to finally qualify for the gift basket raffle.

Once you’ve done that, you can finally click on “Complete” – and this is where it gets dangerous. As reported by the Viennese association for the investigation of Internet abuse “Mimikama”, numerous different browser windows open, trying to lure the alleged lottery participant into subscription traps or to point out that a “cleaner update” is recommended for the smartphone.

If this malware is installed, the only way to protect yourself from malfunctions and fraudulent applications is to thoroughly reinstall the smartphone software.

It remains unclear who is behind the news and what the intentions of those behind the action are. Based on the domain, it is reasonable to assume that these could be Russian people who are wreaking havoc on smartphones in numerous countries or who want to gain access to devices and data. The campaign is not limited to Germany: Complaints are also coming from Argentina and Great Britain, where a chocolate popular there is advertised – in these examples Ferrero and Cadbury.

This is how you protect yourself from fraud attempts with the alleged Milka sweepstakes

A general protection against such messages is hardly possible because they are mostly forwarded by friends or family members. But you can use simple means to check whether the message is genuine. Basically, you should be skeptical about forwarded messages – because most chain letters with fraudulent intentions rely on it. A reputable manufacturer will not usually ask you to bother your Whatsapp contacts.

Another important indicator is the language. Pay close attention to the wording of an alleged sweepstakes. Clumsy spam messages are almost always accompanied by glaring errors that are very rare in real advertising campaigns. This is also the case with the Milka chain letter. The exact wording: “Free Easter gift baskets” – both times the “n” doesn’t fit in this case.

Finally, if shown, pay close attention to the website address. In any case, a Milka competition would take place on the manufacturer’s website, i.e. on “Milka.de”, never on a site called “wp20.ru”. Because even if the Russian domain ending “.ru” doesn’t mean anything to you at first – “wp20” sounds like everything, but not like a chocolate manufacturer.

Warn the sender

If you have received such a chain letter and recognize it as spam, point out to the sender that he may be sending a fraudulent website to his contacts – there is rarely malicious intent behind it. Chain letters from senders who are not in your address book should be used as an opportunity to block the sender’s number and report the process to Whatsapp. For unknown numbers, corresponding buttons appear immediately below the received message.

swell: Mondelez, Mimikama