Everyone with a WhatsApp account needs to be on high alert and watch out for a new attack that could leave accounts 'hijacked' by scammers.Security experts at Kaspersky say that this latest threat is using a new tactic, and it's easy to see how some are being fooled.The scam starts with a simple WhatsApp message that offers you the chance to vote on things such as favourite sports stars or actors.
Read more: Your WhatsApp account is in danger, you must follow new advice to 'protect' it Read more: All iPhone users with WhatsApp urged to download ‘critical’ update It looks harmless enough, but all is not what it seems.Article continues below ADVERTISEMENTInstead of offering an interactive vote, these messages actually include links that direct people to fake websites where personal data is stolen.Explaining more, Kaspersky said: "The scam begins with users being directed to a seemingly legitimate webpage claiming to host a voting contest."For instance, the page can feature photos of athletes, each accompanied by a “Vote” button and real-time counters displaying alleged vote totals and the number of users who have participated."These elements create a false sense of authenticity, encouraging user engagement." Article continues below ADVERTISEMENTAlex Jones confirms The One Show's new WhatsApp number What makes this attack scarier is what can happen to those who are fooled.Cyber crooks appear to be using the trick in bid to get hold of the six-digit verfication number that WhatsApp sends out when trying to log in via a new device.If that code falls into the wrong hands, it can give crooks full access to accounts and even lock the real users out.
Once this happens, messages can be sent to contacts in a bid to steal money or gain even more personal data.Explaining more, Tatyana Shcherbakova, Web Content Analyst at Kaspersky, said: “We see that online contests that include voting are very popular now, and this is used by attackers who exploit trust in this seemingly harmless activity.By combining social engineering with convincing fake interfaces, attackers are weaponising user engagement to steal sensitive data.Awareness and vigilance are critical to staying safe."Attackers are weaponising user engagement to steal sensitive dataTo be protected from such hijacking scams, Kaspersky recommends following these four rules.· Enable two-step verification: Activate WhatsApp’s two-step verification feature to add an extra layer of security, requiring a PIN for account access.· Verify website authenticity: Avoid entering personal information on unfamiliar websites, especially those reached via unsolicited links.
Always check the URL for legitimacy.· Never share verification codes: WhatsApp will never ask for your verification code.Do not share it with anyone, or accept it from anyone, even if prompted by a seemingly trusted source.· Use trusted and proven security software to detect and block malicious websites and links. SUBSCRIBE Invalid emailWe use your sign-up to provide content in ways you've consented to and to improve our understanding of you.
This may include adverts from us and 3rd parties based on our understanding.You can unsubscribe at any time.Read our Privacy Policy
