A potentially devastating WhatsApp phishing scam has recently been spreading like wildfire. Victims could end up having their personal information stolen. Keep on reading to learn what we know about the scam and how to prevent it.
WhatsApp voice message scam
A malicious email with the subject “New Incoming Voicemessage” has been widely circulating recently. The email has already been sent to close to 28,000 mailboxes, with the scammers targeting multiple organizations across healthcare, education, and retail.
Although it’s highly malicious, the email has been able to bypass security measures in Office 365 and Google Workspace.
How the scam works
Here is a breakdown of how this WhatsApp voicemail scam works:
- A victim is sent an email that says they have a new WhatsApp voicemail message.
- The victim is deceived by the email and clicks on the green “Play” button inside.
- A webpage is opened where the victim is asked to confirm that they “are not a robot” by clicking the “Allow” button in the top-left corner.
- Once the “Allow” button is clicked on, a Trojan horse called JS/Kryptik is installed on the victim’s device. JS/Kryptik enables hackers to steal personal information stored within the web browser.
How to protect yourself
- Double-check the sender’s mobile number/email address.
- Always go to the official website/application instead of using links from unknown sources.
- Use Trend Micro ScamCheck to surf the web safely (it’s free!)
Trend Micro ScamCheck is an all-in-one browser extension and mobile app for detecting scams, phishing attacks, malware, and dangerous links – and it’s FREE!
After you’ve pinned the ScamCheck extension, it will block dangerous sites automatically! (Available on Safari, Google Chrome, and Microsoft Edge).
You can also download the ScamCheck mobile app for 24/7 automatic scam and spam filtering. (Available for Android and iOS).
Check out this page for more information on ScamCheck.
Finally, if you’ve found this to be a helpful read, please do SHARE it with friends and family to help keep the online community secure and protected.