Earlier this week, researchers from Checkpoint software disclosed a vulnerability in What’sApp, that let hackers compromise personal data using just their phone number.While What’sApp quickly responded to that vulnerability, another harder to stop scheme is emerging, affecting What’sApp users and preying on well-known brand names.
As of a few days ago, a Whatsapp message has been circulating throughout Latin America and other regions, purporting to be from a trusted brand, such as Zara, H&M, Starbucks, and many more. The message invites users to fill out a questionnaire and receive a discount coupon. The message also requests users to send the invitation to 10 other contacts—contributing to the attack quickly spreading. This kind of social engineering attack has a high success rate, since it leverages renowned, hip brands that have high trust among users, and that frequently use newer channels to communicate with their customer base.
Through these schemes, cybercriminals seek to install malicious software on a victim’s device for different purposes, including subscribing to premium (pay) services and gathering personal information. This information can later be used in directed attacks, aka “spear phishing”, which attempt to obtain even more critical user information, namely credit card numbers and access credentials.
To avoid falling victim to these attacks, always take messages sent through different channels (email, social networks, SMS messaging) that promise easy and quick benefits, or press users into performing specific actions, with a grain of salt. Do not open any attached links and delete said messages immediately.