Researchers at Bitdefender warn of a wave of social engineering attacks targeting WhatsApp accounts. The attacks begin with automated phone calls that instruct users to add a specific phone number to their WhatsApp contacts. The call then ends abruptly.
The scammers are doing this to gather potential targets for future attacks. Most people will ignore the calls, but those who do add the number to their contacts will be more likely to fall for additional social engineering attacks.
"The overall tactics are actually straightforward. Phone calls feel more urgent than emails or text messages," the researchers explain. "WhatsApp is widely trusted, so people often lower their guard, and adding a new contact seems harmless. However, the fact that criminals continue to invest time and money in these attacks means they are effective.
"Keep in mind that they don't expect to have many victims - they are focusing on a particular set of prey. If a user goes through the trouble of adding the phone number to the contacts, the attackers know that it's also much more likely they can carry out the scam to their fraudulent endgame."
The scammers can launch a variety of follow-on attacks against users who have fallen for this initial trick. Notably, if the attackers manage to compromise a WhatsApp account, they can use the account to target the victim’s legitimate contacts.
"Scammers target WhatsApp accounts because they're widely used and because it involves personal trust," Bitdefender explains. "After attackers persuade victims to add their number, scammers might send messages impersonating official WhatsApp support or a trusted organization. This is a very common tactic. They request the victim's verification code under false pretenses, granting them access to the victim's account, then they lock the victim out.
"Once hijacked, scammers use the compromised account to solicit money or personal information from the victim's contacts, exploiting established relationships and trust. They might even go so far as to demand a ransom to give back access."
Bitdefender has the story.