
New WhatsApp scam: Beware of this

WhatsApp Users Targeted by New Phishing Scam

Cybercriminals Exploit Familiar Tactics

A sophisticated online fraud is targeting WhatsApp users, and indications suggest the same perpetrators were behind a June scam that exploited the Bazoš brand. The latest phishing operation uses URL shorteners to mask malicious links leading to a fake WhatsApp login page, aiming to steal account credentials.

Sophisticated Social Engineering

The scam operates by sending deceptive messages, likely via SMS, informing users of an unauthorized login attempt on their WhatsApp account. The fraudulent website, registered under the domain “WhatsApp-povenie.My,” mimics legitimate login procedures. It employs the Bazoš icon, further linking it to previous fraudulent activities.

One operator of a URL shortening service, identified as Ján Nevočná, reported approximately 30 clicks on the malicious link before he could disable the shortened address. He anticipates the scammers will pivot to other services to keep spreading the scam.
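The two traits described above, a shortened link that hides its destination and a domain that carries the WhatsApp name without belonging to WhatsApp, can be checked mechanically by a message filter. The following Python code is an added example, not part of the original report; the list of official domains, the sample shorteners and the SMS texts are assumptions constructed for illustration, and the report does not name the shortening service that was abused.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this example: domains WhatsApp itself uses, and a small
# sample of public URL shorteners (not taken from the report).
OFFICIAL = ("whatsapp.com", "whatsapp.net", "wa.me")
SHORTENERS = ("bit.ly", "tinyurl.com", "is.gd")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Digits commonly swapped in for letters to imitate a brand name.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s"})


def under(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def classify_host(host):
    host = host.lower().rstrip(".")
    if under(host, OFFICIAL):
        return "official"
    if under(host, SHORTENERS):
        return "shortener"  # destination is hidden; resolve before trusting
    # Drop dots and hyphens and undo digit swaps before looking for the brand,
    # so "whatsapp.com.login.example" and "wh4ts-app.example" are both caught.
    squashed = re.sub(r"[^a-z0-9]", "", host).translate(HOMOGLYPHS)
    return "lookalike" if "whatsapp" in squashed else "unknown"


def scan_message(text):
    """Return (url, verdict) for every link found in an SMS or chat message."""
    results = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,)")  # trailing sentence punctuation is not part of the link
        results.append((url, classify_host(urlsplit(url).hostname or "")))
    return results


# Constructed sample messages; only the lookalike domain comes from the report.
SAMPLE_SMS = [
    "WhatsApp: new login attempt detected. Cancel it here: https://bit.ly/EXAMPLE1",
    "Confirm your number at https://WhatsApp-povenie.My/ to stop the login.",
    "Link a device only from https://web.whatsapp.com.",
]

if __name__ == "__main__":
    for sms in SAMPLE_SMS:
        print(scan_message(sms))
```

A "shortener" verdict means the destination still has to be resolved and classified before the link can be trusted; the check matches on the brand string only, so it will also flag unrelated hosts that happen to contain it.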

The fraudulent page prompts users to enter their phone number.

The Deception Unveiled

The fake website prompts victims to enter their phone number to “cancel the last attempt to sign in.” This tactic mimics the legitimate process of linking WhatsApp to new devices but directs users to a phishing site instead of a secure QR code scan.

If a user enters a fictional number, the site displays a “please wait” message. However, the ultimate goal of these scams is to trick individuals into divulging their phone number, which could then be used to facilitate account takeovers. Cybercriminals might then prompt users to enter a code sent to their phone, effectively granting unauthorized access to their WhatsApp profile.

The scam guides users through steps that appear to link their account to other devices.

Once an account is compromised, scammers can exploit it to distribute malicious content to all of the user’s contacts or other phone numbers. The range of fraudulent activities includes directing users to malware sites, investment scams, or requesting money by impersonating family members.

Past Frauds and Data Collection

In previous similar attacks, after a fake phone number verification, cybercriminals requested credit card details, claiming it was necessary to credit a small amount, such as one dollar. This highlights the risk of personal data collection, even if direct account takeover is not immediately achieved.

The security of messaging apps is crucial, as evidenced by the growing sophistication of these phishing attempts. According to Statista, as of January 2024, WhatsApp had over two billion monthly active users globally, making it a prime target for cybercriminals.

After entering a fictional number, the page displayed a 'wait' message.

WhatsApp Active Users Worldwide, Statista, 2024.
