Hackers and Phishing Scams
Hackers continue to innovate when stealing personal information, so WhatsApp users should be on guard for suspicious emails. A report from email security company Armorblox claims that a group of hackers based in Russia are using email spoofing and fake voice message notifications to steal personal information from the app’s users.
Phishing attempts and how they happen
WhatsApp users receive a fake email stating that they have a voice message through an email address with a .ru domain. Often, these phishing messages are accompanied by a lousy URL that directs the user to a page where, when the play button for the fake voicemail is clicked, the user is asked if they are robots.
Information like passwords and payment information can be accessed and stolen by the Infostealer malware once installed on the victim’s computer.
Phishing scams: how to avoid them
Armorblox offers users three additional methods to thwart phishing attacks such as these:
- Enhancing native email security with other controls
- Monitoring social engineering cues
- Password management best practices and multi-factor authentication
Verifying the email domain and address of the sender can also prove valuable, as the WhatsApp example has demonstrated. Even if the email appears to be coming from a legitimate source, such as WhatsApp, looking for inconsistencies might help you avoid scams.
Last but not least, McQuiggan notes that a healthy dose of skepticism on the part of users can go a long way toward preventing attacks such as these. Verifying the source of an email can prevent potential victims from potentially having their sensitive information stolen.
It is also recommended to use multi-factor authentication on both business and personal accounts and has different passwords for each website to prevent multiple accounts from becoming compromised.