Cybercriminals use WhatsApp to commit fraud in many different ways.
ESET, which works on proactive threat detection, says that most scams circulating through or on behalf of the app use social engineering; that is, they manipulate the user into believing something that is not true and thus convince him to perform an action that benefits the criminal.
“The main recommendation is to learn to beware; the second is to enable two-step authentication on WhatsApp, if possible using an authenticator application and not SMS. This way we avoid account hacking. In addition, it is advisable to have a security solution installed, configured and updated on the device,” explains Camilo Gutiérrez Amaya, Head of the ESET Latin America Research Lab.
How can they deceive us?
1. Fake brand birthday scam: It starts with a message that reaches the potential victim and states that a well-known brand or service is celebrating its birthday and is therefore offering some kind of gift or benefit.
The message includes a link that lets the user claim “his prize”, but before obtaining it, he must generally answer a survey. Then, to continue, he must share the message with a number of WhatsApp contacts or groups.
However, the freebie or prize never materializes and the user is redirected to sites displaying invasive advertisements. In some cases, malicious campaigns ask the victim to download suspicious apps or plug-ins that usually end up installing some type of adware that displays invasive advertisements and collects user information.
2. Fake financial aid: Fraudsters take advantage of citizens' economic needs to deceive them and steal their personal data. Personal data such as name, date of birth, document number and nationality, among others, are sold on forums and are also used by criminals to commit other frauds.
This deception usually begins with a message about a solidarity aid program for certain sectors of the population and invites those who meet the conditions to register for aid.
3. Random tricks to get personal data: It starts with a message from an unknown number whose sender does not say who they are and tries to trick the unsuspecting user into believing that it is someone he knows who is in another country. It usually starts with:
“Good morning, how are you doing? Greetings from a distance. I send you a big hug.”
Then it continues with something similar to:
“I imagine you remember who’s writing to you from Spain, don’t you?”
“Don’t tell me you’re Mireya?”
“Of course, yes. How are you all there?”
*This was a real dialogue between a scammer and a potential victim who decided to continue the conversation and trick the criminal.
The intention is to see if the victim gives the scammer the chance to continue with the plan. The objective is to ask for help with a small mishap.
4. Tools to spy on WhatsApp: In Google search trends, “spy on WhatsApp” is a highly searched term; users are looking for ways to spy on the conversations of third-party accounts. Scammers know this, which is why many unsavory sites indexed in Google promise a spy solution. The real purpose is usually to display advertisements and collect information from those who decide to try these apps, extensions or online services.
5. WhatsApp account hack: When the WhatsApp application is installed on a new device, the phone number associated with the account must be entered. An SMS message then arrives with a six-digit verification code to validate the user’s identity. Attackers abuse this process to take control of accounts belonging to both users and businesses.
The victim receives a message by SMS or WhatsApp asking if he can forward the six-digit code that was sent to him by mistake. The message may come from a contact who has lost access to their account or from an unknown number. If the unsuspecting victim agrees and sends back the code that arrived unexpectedly, chances are that he will lose control of his WhatsApp account if he has not enabled two-factor authentication.
ESET has also identified cybercriminals posing as the official WhatsApp account of public organizations or the health sector for different types of deception, one of which is stealing the WhatsApp verification code. For example, in Argentina, crooks impersonated the government and contacted users to assign appointments for the COVID-19 vaccine, with the real objective of stealing the WhatsApp verification code and then scamming the victims’ contacts and downloading their information.
Another very common way cybercriminals steal WhatsApp accounts is through SIM swapping, although this goes beyond WhatsApp and allows other accounts to be hijacked, including banking credentials. SIM swapping is when criminals, by pretending to be the user, manage to trick the phone company into issuing them a SIM card for the user’s phone line. This way they take control of the phone line, and the SMS with the verification code reaches the attacker.
6. WhatsApp phishing scams: Once they have gained access, criminals use the accounts in different ways, for example to impersonate the victims. For this, they usually upload the contact list, account profile picture and other relevant information in case they want to create a fake profile with another number, but they also communicate directly from the stolen account with family and friends to ask for money for a supposed emergency or convince them to take some other action.
7. Fake updates with new features for WhatsApp: These scam campaigns refer to the release of a version of the app with new features. ESET has observed examples of these tricks prompting people to download WhatsApp in pink and other colors, such as blue, or under names like WhatsApp Plus. The WhatsApp Rosa campaign, for example, far from being innocuous, downloaded a Trojan horse to the victim’s phone.
8. Malware distribution via WhatsApp: Malware distribution campaigns via WhatsApp have been detected. Last year, for example, ESET analyzed malware distributed through the app that attempted to trick victims into downloading an app from a website pretending to be Google Play. Once the malicious app was installed, any message that reached the victim’s device automatically received a personalized response with a link to download the fake app. Although the threat apparently sought to deploy invasive advertising to the victim’s phone, as explained by researcher Lukas Stefanko, “This malware could possibly deliver more dangerous threats since the message text and the link to the malicious application are received from the attacker’s server. It could simply distribute banking Trojans, ransomware or spyware.”
Finally, attackers also often resort to distributing malware through phishing emails that masquerade as official communications from WhatsApp. In 2021, for example, a phishing campaign circulated mainly in Spain, pretending to be official and asking users to upload a backup of conversations and call history in the app. However, the attached HTML file redirected the user to download a ZIP archive, which in turn contained an MSI file that downloaded the malware. In this case, it was the Grandoreiro banking Trojan.