Newest Whatsapp Threat – Social Engineering Leveraging Trusted Brands

whatsapp threat
Share Button

Earlier this week, researchers from Checkpoint software disclosed a vulnerability in What’sApp, that let hackers compromise personal data using just their phone number.While What’sApp quickly responded to that vulnerability, another harder to stop scheme is emerging, affecting What’sApp users and preying on well-known brand names.

As of a few days ago, a Whatsapp message has been circulating throughout Latin America and other regions, purporting to be from a trusted brand, such as Zara, H&M, Starbucks, and many more. The message invites users to fill out a questionnaire and receive a discount coupon. The message also requests users to send the invitation to 10 other contacts—contributing to the attack quickly spreading. This kind of social engineering attack has a high success rate, since it leverages renowned, hip brands that have high trust among users, and that frequently use newer channels to communicate with their customer base.

Through these schemes, cybercriminals seek to install malicious software on a victim’s device for different purposes, including subscribing to premium (pay) services and gathering personal information. This information can later be used in directed attacks, aka “spear phishing”, which attempt to obtain even more critical user information, namely credit card numbers and access credentials.

To avoid falling victim to these attacks, always take messages sent through different channels (email, social networks, SMS messaging) that promise easy and quick benefits, or press users into performing specific actions, with a grain of salt. Do not open any attached links and delete said messages immediately.

Related Posts

Account Takeover – What You Need to Know About This $7 Billion Scheme Account takeover (ATO) – it’s the ultimate goal of most fraud attacks, and already causes at least $6.5 billion to $7 billion USD in annual losses across multiple verticals.
Is Your End-User Education Enough to Stop the Next Phishing Attack? Phishing is one of the oldest forms of digital fraud, and it shows no signs of going away anytime soon.

Leave a Reply

Your email address will not be published. Required fields are marked *