WhatsApp is the world’s most popular cross-platform messaging application. However, it has been the target of a new scam lately, which tricks users into disclosing personal data which might be used against later.
The researchers say that the links come from users’ friends and lead users to a discount page which asks for their personal details. After that, some users are transferred to corrupted websites via the links, which in turn infect the users phones with malware and let hackers steal their personal details.
David Emm, a principal security researcher at Kaspersky Lab, stated that hackers’ attention had been mostly attracted by WhatsApp’s prevalence in Europe and India. According Emm’s report, “We have noted that this WhatsApp scam has been actively circling for some time. It ‘speaks’ several languages so the attacks can be customised for each market.”
“The message convinces the user to forward the message to 10 contacts, so he/she can receive a certain promotion (such as £5 discount at Starbucks, Zara etc),” Emm said.
The threat keeps spreading around as hackers convince users to forward the message to 10 of their contacts in order to receive a certain promotion. Most of the scam messages require users to register with their basic details such as name, email, phone number and address. After that, criminals install malware on the unsuspecting user’s phone.
Not long ago, WhatsApp crossed a billion users worldwide and got over 65 million users in India, making it an attractive ground for criminals. As a result, the effect of the malware attack can be far reaching.
Recently, the company removed the 0.99 cents annual subscription fee. This means that if users receive a message asking them to share it with unspecified number of contacts to avoid suspension, they should be aware that it’s a pure scam.
Also, any messages which contain suspicious links to websites with a promise to offer discounts are hackers who are trying to infect user’s device and steal sensitive information. The best thing users can do in this case, is to avoid opening any links unless they are verified by a trusted sender. In case users receive such links from friends, contact them separately through a different medium to verify its legitimacy.
In fact, it’s not the first time when WhatsApp has been used as a platform to attack users. Some time ago, another scam in the application was exposed by the security researchers. It posed a threat to all users by attempting to access and retrieve information from banking apps on users’ smartphones.
Additionally, several cases of scam were reported last month when Android users were trying to update the messaging app, however, they installed malware which stole their personal information instead.