By Raji Rasaki
A viral message on Whatsapp had asked members of the public to apply for Australia Visa Sponsorship and Jobs for 2022/2023 consideration. The message provides a link via this website https://lyupz.com/Australia-Visa-Sponsorship,through which applicants are expected to apply. When you click on it, it takes you to a main host website:https://weplay.com.ng/Australia/. This latter website, we have found out, contains an iFrame (a computer programming used inside a webpage to load another HTML document inside) which enables it to play host to other 253 low ranking domains connected to its server. Findings show that visitors to these websites risk being exposed to data harvesting and phishing as iframe may provide hackers remote access to users’ data on such websites.
According to the whatsapp message,‘’the Australian government is looking for National and International applicants who can fill the shortage of jobs in Australia. The Australian Government announced a 400% number of immigrants. This is an opportunity to work legally in Australia’’.
To make it more appealing, the message also adds: ‘’Australia has already increased the number of immigrants from 35 Thousand to 195 Thousand in the current year.’’.
See the screenshot of the message below:
To check for red flags, we first launched by clicking on the link provided https://lyupz.com/Australia-Visa-Sponsorship, which eventually led us to a main website (https://weplay.com.ng/Australia) that hosts the application portal. This was the first red flag that prompted the need for investigation.
Before we continued, we took a quick look at the ABOUT US section of the website: https://weplay.com.ng). The results yielded nothing as the section remains empty.
See the screenshot of the ABOUT US section
Despite this, we then filled the application form as required and submitted.
See the screenshot of the filled form:
Having filled out the form, we were directed to CONTINUE to the next page to VALIDATE YOUR NAME, which we did. On the next page, another soothing message was boldly written:
‘’Your Application for the ongoing Australia Sponsorship Visa and Jobs Program is now on process (sic). Kindly validate your name to proceed to the next step. Note:The Number of Applicants is limited.
Again, the second salvo was when the message created in the next page, after having validated the name, was about the task of sharing the visa sponsorship application message to friends and groups on whatsapp. Suspicious sites such as this mostly often prompt users/prospective applicants in the task of sharing their purported messages to other social media users particularly on whatsapp groups and friends to either drive traffic to such websites or for data harvesting and phishing.
See the screenshot below
As soon as we stumbled on this SHARE page, we felt that there were enough grounds for verification. And for the fact that the identity of the owner(s) remains hidden also raises questions of legitimacy as a click on the ABOUT US section yielded no result.
Messages such as this have the tendency to go viral, given the manner at which the content is created to appeal to the emotion of the would-be-applicants to click the links and launch into the purported application site.
Given that several thousands of applicants who may have not only visited the sites but also shared the message could be at risk of being vulnerable to data harvesting and phishing, which are not just harmful in themselves but also are manipulated by different actors for pecuniary gains, we deemed it fit to verify the authenticity or otherwise of this site for the purpose of putting the facts about it and similar ones in proper perspective.
Exploring Whois Domain lookup (a google tool that verifies who owns a domain).
First, we subjected the link: https://lyupz.com/Australia-Visa-Sponsorship (on the whatsapp message) to verification, using Whois Domain Lookup), and this search shows that the website is less than ten months old, having been registered on the 19th of January, 2022 and updated the same day, suggesting its creation was hurriedly made for undisclosed activities.
Meanwhile, since its domain status shows that the website is registered and active with a valid SSL certificate, we decided to verify its rating status.
See the screenshot of the results from Whois Domain lookup
To check its rating status, we subjected the website to ScamAdviser, (a tool for verifying if a website is legit or a scam), results showed that it could not be trusted as it came up with a low trust rating. Based on this, users are advised to exercise much restraint when dealing with the site.
See result from ScamAdviser
Checking the main website: https://weplay.com.ng (The website that hosts the application portal)
When this website was submitted for checking on ScamAdviser, findings showed that the website has a valid SSL certificate, without any evidence of malware or phishing, indicating a strong rating score. However, a close observation shows that the website has a low tranco rank, indicating a weak traffic flow. Search also indicates an inclusion of an iframe on the website, coupled with its server having several low reviewed other websites.
See the screenshot below
Our investigations show this website (https://weplay.com.ng/Australia) is validly registered, with no evidence of malware and phishing. However, findings show that the website has a low ‘tranco rank’, indicating a very weak traffic flow. Yet, the fact that the website uses an iframe indicates its intent of driving traffic to its web page, and it apparently explains why it hosts the purported Australian sponsored job visa application portal through this link: https://lyupz.com/Australia-Visa-Sponsorship) as one of the domains on its server, as well as many other 253 domains connected to its server. Incidentally, the inclusion of other several weak and lowly trusted domains, with hidden identity and contacts, raises legitimacy questions as they could be ploys for data harvesting and phishing.
Lastly, and based on the above findings, the unsuspecting visitor-publics are advised to exercise adequate restraint when they encounter messages that direct them to websites such as those verified in this piece, as, the use of iframe, which is essentially not harmful in itself, could provide hackers or scammers a remote access to their data.