The Russian quality system (Roskachestvo) reported on the new traps of scams in WhatsApp – E Hacking News
The absolute majority of fraud in WhatsApp occurs through social engineering when the text prompts the user to click on a link or download a file, said Ilya Loevsky, deputy head of Roskachestvo. So, criminals often make mass mailings with various profitable offers or lotteries to encourage the user to participate and click on an infected link or download a suspicious file.
“As a rule, hackers use big names of companies, such as Google, Apple, Facebook, hot topics like COVID-19, or super-profitable offers (last year it was a “promotion” about 1000 free gigabytes of the Internet for the 10th anniversary of the service). Fraudsters often fake official WhatsApp profiles by copying the name and design,” the expert gives examples.
According to the expert, sending such messages to your contacts is undesirable, as it only contributes to the spread of fraud.
However, after clicking on a malicious link, anything can happen to the victim, from stealing personal data to withdrawing funds from their card.
It is interesting to note that in June 2020, ESET reported a phishing attack aimed at the audience of WhatsApp and Telegram messengers. Users received messages asking them to fill out a questionnaire and get four barrels of beer from a famous brand as a gift.
One of the conditions for participation in the campaign was the mandatory forwarding of messages to ten contacts in WhatsApp.
In January of this year, a similar phishing attack was launched on WhatsApp users. Victims were lured by messages that a famous sports brand was celebrating an anniversary and giving t-shirts and shoes. To receive gifts, users were encouraged to click on the link.
Loevsky concluded that sometimes messages from unknown users may contain just forwarded files that spread panic in society, so it is better to disable auto-upload of media files in the messenger settings and not accept files from unknown accounts.