Hackers are targeting users on the world's largest cross-platform messaging app – WhatsApp – by inserting harmful links into conversations so they appear like they coming from a friend. This increases the likelihood of damage on a large scale and results in sensitive information being extracted.
According to BT, the links lead users to genuine-looking discount sites of profound brands and asks for users' personal information. Accessing the links infects the smartphone with malware, which then allows scammers to extract sensitive information such as banking details.
WhatsApp recently revealed that it has one billion users around the world and more than 65 million users come from India. The latest scam on WhatsApp comes in several languages, which makes it a global concern, according to a security researcher at Kaspersky Lab, David Emm.
"We have noted that this WhatsApp scam has been actively circling for some time. It 'speaks' several languages so the attacks can be customised for each market," Emm told This Is Money. "The message convinces the user to forward the message to 10 contacts, so he/she can receive a certain promotion (such as £5 discount at Starbucks, Zara etc)."
"Currently, threats targeting WhatsApp users are bigger than the classic eBay phishing scams. In India, over the past few days and weeks thousands of users were affected, and in Germany, Italy and Spain we saw tens of thousand affected users," Michal Salat, Threat Intelligence Manager at Avast, told International Business Times, India via email.
How to identify scams and avoid them?
WhatsApp has dropped its annual fees for using the app around the world, so if users receive a message asking to share it with unspecified number of contacts to avoid suspension, it is a scam. Messages including suspicious links to websites with a promise to offer discounts are scammers attempt to infect the device and obtain personal information. It's best to avoid clicking on any links unless verified by the trusted sender.
If users receive such links from friends, verify its authenticity by contacting them through a different medium (SMS or call).
Salat also warned users to stay alert. "In general, WhatsApp users should be careful when clicking on links, even if they receive them from friends - and especially if they seem like a random, unexpected message. If you receive a link from your friend, first reconfirm with your friend if they really sent this email before opening any link," Salat added. "Also, take a look at the sender of the email, which might help you distinguish scam emails from harmless emails, and as always, do not run executables from your email if you are not 100% sure what the file is."
This is not the first time WhatsApp has been used as a platform to attack users. Last month, hackers disguised their hideous attempts in the form of an update to the app, which instead installed shady software to steal information from banking apps. Another instance occurred last year when hackers took advantage of the voice-calling feature rollout by offering fake invites.