A fake website claiming to offer different-coloured skins for the popular messaging platform WhatsApp has surfaced online and is looking to steal user data. The scam may be the latest in a series of increasingly potent and fearsome cyberattacks being witnessed across the world, the most recent of them being the WannaCry ransomware.
The scam was first spotted by user "yuexist", who posted about it on social networking platform Reddit. He points out that while the official URL of WhatsApp is http://whatsapp.com, the URL of the fake website is http://шһатѕарр.com. The "ш" symbol, which resembles "w" in some fonts, is actually a letter from the Greek or Cyrillic alphabet.
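As an added example (not part of the original article or the Reddit post), here is a Python check a defender could run over links found in messages: it flags hostnames containing non-ASCII letters, names the scripts involved, shows the punycode form registered in DNS, and compares a de-confused spelling against a protected domain. The lookalike map and the protected-domain list are constructed assumptions that cover only the letters in the URL quoted above.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed map covering only the lookalike letters in the URL quoted above;
# it is not the full Unicode confusables data set.
LOOKALIKES = {"ш": "w", "һ": "h", "а": "a", "т": "t", "ѕ": "s", "р": "p"}
# Assumption: the domains this defender wants to protect from imitation.
PROTECTED = {"whatsapp.com"}


def scripts(label):
    """Scripts present in a label, read from the Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def to_ascii(host):
    """Punycode ("xn--") form of each non-ASCII label, as it appears in DNS."""
    out = []
    for label in host.split("."):
        if label.isascii():
            out.append(label)
        else:
            out.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(out)


def check_url(url):
    """Report whether a URL's hostname imitates a protected domain."""
    host = (urlsplit(url).hostname or "").lower()
    # Replace each known lookalike with the Latin letter it resembles.
    skeleton = "".join(LOOKALIKES.get(ch, ch) for ch in host)
    found = set()
    for label in host.split("."):
        found |= scripts(label)
    imitates = skeleton if skeleton in PROTECTED and host != skeleton else None
    return {
        "host": host,
        "ascii": to_ascii(host),
        "scripts": sorted(found),
        "non_ascii": not host.isascii(),
        "imitates": imitates,
    }


if __name__ == "__main__":
    for link in ("http://whatsapp.com", "http://шһатѕарр.com/?colors"):
        print(check_url(link))
```
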
How it works
The user "yuexist" explains: "User gets a message saying WhatsApp is now available with different colors. 'I love the new colors for whatsapp http://шһатѕарр.com/?colors'. When you click the fake whatsapp.com url on your mobile, the user is made to share the link to multiple groups for human verification."
He adds: "Once you're done sharing, you are made to install adware apps. After you have installed the adware, the website says the WhatsApp color is available only on WhatsApp web and makes you install an extension." This extension is adware, malicious software that constantly displays advertisements in your web browser.
Who is behind it?
The manner in which users are being made to give access to their WhatsApp details by this fake website shows it is a phishing site. Phishing is described by the website Phishing.org as: "a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords."
Official WHOIS data (information a person has to provide while registering a domain name) shows that the person who has registered "шһатѕарр.com" has kept his or her name private, but has provided an address located in the US state of Arizona. However, it exactly matches the WHOIS data for Godaddy.com!
It is strongly advised that users do not try to click on any of the links or try to install anything from this website. Doing so could put your data — from login credentials to possibly whatever you send and receive — in the hands of unscrupulous person(s) who could use it in a variety of malicious ways.