A potentially devastating WhatsApp phishing scam has recently been spreading like wildfire. Victims could end up having their personal information stolen. Keep on reading to learn what we know about the scam and how to prevent it.
WhatsApp voice message scam
A malicious email with the subject
“New Incoming Voicemessage” has been widely circulating recently. The email has
already been sent to close to 28,000 mailboxes, with the scammers targeting
multiple organizations across healthcare, education, and retail.
Although it’s highly malicious, the email has been able to bypass security measures in Office 365 and Google Workspace.
How the scam works
Here is a breakdown of how this WhatsApp voicemail scam works:
- A victim is sent an email that says they have a new WhatsApp voice message.
- The victim is deceived by the email and clicks on the green “Play” button inside.
- A webpage is opened where the victim is asked to confirm that they “are not a robot” by clicking the “Allow” button in the top-left corner.
- Once the “Allow” button is clicked on, a Trojan horse called JS/Kryptik is installed on the victim’s device. JS/Kryptik enables hackers to steal personal information stored within the web browser.
How to protect yourself
- Double check the sender’s mobile number/email address.
- Always go to the official website/application instead of using links from unknown sources.
- Use security software such as Trend Micro Mobile Security to scan, detect and block malicious links from opening emails and text messages.