Hackers employ voicemail phishing attacks on WhatsApp users

The scam was able to bypass Google and Microsoft’s email security filters after appearing to come from a legitimate email domain.

Hackers are continuing to get more creative when it comes to stealing personal information, and WhatsApp users should be on alert for any suspicious looking emails. According to a report from email security company ArmorBlox, a Russian-based group of cyber criminals is using email spoofing and fake voice message notifications to retrieve personal information from the app’s users.

ArmorBlox states that nearly 28,000 emails using this method have been sent out, and have been linked to a page labeled ‘center for road safety of the Moscow region’. The emails in question appear to be from an accredited email source, and were able to successfully bypass Microsoft and Google’s email security processes.

“When one gets an email with a voicemail from a popular messaging app or another social media platform informing the user to listen to the recording for an important message, many people might not recognize that as a scam and fall victim to it,” said James McQuiggan, security awareness advocate at KnowBe4. “Users should review three questions about any email coming into their inboxes. Is the email unexpected? Is this person a stranger? Do they want me to do something quickly? If any of these responses are yes, then it is a good recommendation to take a few extra moments to review the email for links, verify the sender and have a healthy skepticism towards the email.”

How the attempted phishings are happening

Through use of a phony email address with an .ru domain, WhatsApp’s users receive a fake email stating the person has a voice message. These phishing messages come included with a bad URL sending the user to a page where, when the play button for the fake voicemail is clicked, the user is asked the common ‘are you a robot’ question. Once the victim clicks they are not a robot, a trojan JS/Kryptik attempts to install malicious software on the victim’s computer, allowing the hackers to bypass Windows’ user account controls.

Once the Infostealer malware is installed, it can then access the victim’s browser, allowing for information like passwords and payment information to be accessed and exfiltrated. In addition, credentials for applications such as Microsoft 365 and Google Workspace have been stolen.

“When they see it, most people will recognize someone trying to scam them in real life. For example, walking on the streets of New York City and someone tries to sell them an expensive brand watch or handbag, most people will know they are fake and carry on walking,” McQuiggan said. “Users are too accepting of emails. There needs to be more education for everyone, not just within organizations, to spot electronic social engineering or scams, so it is apparent like someone who is trying to sell a fake watch or handbag on the street.”

SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)

Ways to avoid the phishing scam

ArmorBlox raises three additional methods for users to subvert phishing attempts such as these:

1. Augmenting native email security with additional controls
2. Watching out for social engineering cues
3. Using multi-factor authentication and password management best practices

Some additional considerations recommended by the email security company include getting familiar with Gartner’s Market Guide for Email Security, for assistance in sniffing out these attacks immediately. As this phishing example was able to bypass security from Google and Microsoft, the additional tips and tools recommended by Gartner can provide additional layers when it comes to phishing email attempts.

Verifying the email domain and address of the sender can also pay dividends, as the WhatsApp example has illustrated. Looking for inconsistencies such as grammatical errors or logical deviations from the norm can help users avoid being scammed, even if the email on the surface seems to be from a legitimate source, such as WhatsApp.

Lastly, as McQuiggan notes, a healthy amount of skepticism by users can go a long way in preventing attacks such as these. Always verifying the source of an email can save potential victims a great deal of hassle in potentially having their sensitive information stolen. Employing multi-factor authentication is also a recommended option on both business and personal accounts along with having different passwords for websites to avoid having multiple accounts compromised.