Everyone with a WhatsApp account needs to be on high alert and watch out for a new attack that could leave accounts ‘hijacked’ by scammers. Security experts at Kaspersky say that this latest threat is using a new tactic, and it’s easy to see how some are being fooled. The scam starts with a simple WhatsApp message that offers you the chance to vote on things such as favourite sports stars or actors.
It looks harmless enough, but all is not what it seems.
Instead of offering an interactive vote, these messages actually include links that direct people to fake websites where personal data is stolen.
Explaining more, Kaspersky said: “The scam begins with users being directed to a seemingly legitimate webpage claiming to host a voting contest.
“For instance, the page can feature photos of athletes, each accompanied by a “Vote” button and real-time counters displaying alleged vote totals and the number of users who have participated.
“These elements create a false sense of authenticity, encouraging user engagement.”
What makes this attack scarier is what can happen to those who are fooled. Cyber crooks appear to be using the trick in a bid to get hold of the six-digit verification number that WhatsApp sends out when someone tries to log in via a new device.
If that code falls into the wrong hands, it can give crooks full access to accounts and even lock the real users out. Once this happens, messages can be sent to contacts in a bid to steal money or gain even more personal data.
Explaining more, Tatyana Shcherbakova, Web Content Analyst at Kaspersky, said: “We see that online contests that include voting are very popular now, and this is used by attackers who exploit trust in this seemingly harmless activity. By combining social engineering with convincing fake interfaces, attackers are weaponising user engagement to steal sensitive data. Awareness and vigilance are critical to staying safe.”
To be protected from such hijacking scams, Kaspersky recommends following these four rules.
· Enable two-step verification: Activate WhatsApp’s two-step verification feature to add an extra layer of security, requiring a PIN for account access.
· Verify website authenticity: Avoid entering personal information on unfamiliar websites, especially those reached via unsolicited links. Always check the URL for legitimacy.
· Never share verification codes: WhatsApp will never ask for your verification code. Do not share it with anyone, or accept it from anyone, even if prompted by a seemingly trusted source.
· Use trusted and proven security software to detect and block malicious websites and links.