• Home
  • About
  • Contact
  • Privacy
  • Terms
  • DCMA
  • Sitemap
  • Submit
Regional Posts
No Result
View All Result
  • News
    • Sports
    • Politics
  • Business
    • Crypto
    • Marketing
  • Lifestyle
    • Entertainment
    • Fashion
    • Food
  • Tech
    • Gaming
    • Gadgets
  • Science
  • Health
  • Travel
  • World
Regional Posts
  • News
    • Sports
    • Politics
  • Business
    • Crypto
    • Marketing
  • Lifestyle
    • Entertainment
    • Fashion
    • Food
  • Tech
    • Gaming
    • Gadgets
  • Science
  • Health
  • Travel
  • World
No Result
View All Result
Regional Posts
No Result
View All Result
Home Tech

Hackers employ voicemail phishing attacks on WhatsApp users

by Editor
November 20, 2022
in Tech
0
Hackers employ voicemail phishing attacks on WhatsApp users
556
SHARES
3.7k
VIEWS
Share on FacebookShare on Twitter

The scam was able to bypass Google and Microsoft’s email security filters after appearing to come from a legitimate email domain.

Image: Getty Images/iStockphoto

READ ALSO

Boost Your Online Cycling & Running with the Vingo App

The 6 best video editor apps for Android [2022]

Hackers are continuing to get more creative when it comes to stealing personal information, and WhatsApp users should be on alert for any suspicious looking emails. According to a report from email security company ArmorBlox, a Russian-based group of cyber criminals is using email spoofing and fake voice message notifications to retrieve personal information from the app’s users.

ArmorBlox states that nearly 28,000 emails using this method have been sent out, and have been linked to a page labeled ‘center for road safety of the Moscow region’. The emails in question appear to be from an accredited email source, and were able to successfully bypass Microsoft and Google’s email security processes.

Must-read security coverage

“When one gets an email with a voicemail from a popular messaging app or another social media platform informing the user to listen to the recording for an important message, many people might not recognize that as a scam and fall victim to it,” said James McQuiggan, security awareness advocate at KnowBe4. “Users should review three questions about any email coming into their inboxes. Is the email unexpected? Is this person a stranger? Do they want me to do something quickly? If any of these responses are yes, then it is a good recommendation to take a few extra moments to review the email for links, verify the sender and have a healthy skepticism towards the email.”

How the attempted phishings are happening

Through use of a phony email address with an .ru domain, WhatsApp’s users receive a fake email stating the person has a voice message. These phishing messages come included with a bad URL sending the user to a page where, when the play button for the fake voicemail is clicked, the user is asked the common ‘are you a robot’ question. Once the victim clicks they are not a robot, a trojan JS/Kryptik attempts to install malicious software on the victim’s computer, allowing the hackers to bypass Windows’ user account controls.

Once the Infostealer malware is installed, it can then access the victim’s browser, allowing for information like passwords and payment information to be accessed and exfiltrated. In addition, credentials for applications such as Microsoft 365 and Google Workspace have been stolen.

“When they see it, most people will recognize someone trying to scam them in real life. For example, walking on the streets of New York City and someone tries to sell them an expensive brand watch or handbag, most people will know they are fake and carry on walking,” McQuiggan said. “Users are too accepting of emails. There needs to be more education for everyone, not just within organizations, to spot electronic social engineering or scams, so it is apparent like someone who is trying to sell a fake watch or handbag on the street.”

SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)

Ways to avoid the phishing scam

ArmorBlox raises three additional methods for users to subvert phishing attempts such as these:

  1. Augmenting native email security with additional controls
  2. Watching out for social engineering cues
  3. Using multi-factor authentication and password management best practices

Some additional considerations recommended by the email security company include getting familiar with Gartner’s Market Guide for Email Security, for assistance in sniffing out these attacks immediately. As this phishing example was able to bypass security from Google and Microsoft, the additional tips and tools recommended by Gartner can provide additional layers when it comes to phishing email attempts.

Verifying the email domain and address of the sender can also pay dividends, as the WhatsApp example has illustrated. Looking for inconsistencies such as grammatical errors or logical deviations from the norm can help users avoid being scammed, even if the email on the surface seems to be from a legitimate source, such as WhatsApp.

Lastly, as McQuiggan notes, a healthy amount of skepticism by users can go a long way in preventing attacks such as these. Always verifying the source of an email can save potential victims a great deal of hassle in potentially having their sensitive information stolen. Employing multi-factor authentication is also a recommended option on both business and personal accounts along with having different passwords for websites to avoid having multiple accounts compromised.

Source by www.techrepublic.com

Share222Tweet139
Previous Post

Anker’s first 3D printer might be the one you’ve been waiting for

Next Post

Mayor Adams says he had no role in firing NYC lawyer who confronted him over toddler masks

Related Posts

Boost Your Online Cycling & Running with the Vingo App
Tech

Boost Your Online Cycling & Running with the Vingo App

January 4, 2023
The Best Video Editing For IOS And Android [2022]
Tech

The 6 best video editor apps for Android [2022]

January 10, 2023
5 Signs You Should Invest in Job Management Software for Your Trade Business
Tech

5 Signs You Should Invest in Job Management Software for Your Trade Business

December 1, 2022
Doogee’s V30 Set
Tech

Doogee’s V30 Set To Be The First Rugged Phone To Launch With An eSIM Feature

November 26, 2022
Doogee’s First Tablet T10 Will Refresh You With Ultimate Entertainment
Tech

Doogee’s First Tablet T10 Will Refresh You With Ultimate Entertainment

October 31, 2022
Google Chrome icon
Tech

Google execs knew ‘Incognito mode’ failed to protect privacy, suit claims

November 20, 2022

POPULAR NEWS

Capitol Police Release New Video of Officer Lila Morris Beating Already Unconscious Rosanne Boyland with Stick on Jan. 6 -- But Video Is Super Pixilated to Protect Morris

Capitol Police Release New Video of Officer Lila Morris Beating Already Unconscious Rosanne Boyland with Stick on Jan. 6 — But Video Is Super Pixilated to Protect Morris

November 19, 2022
Euphoria Season 2: Maddy and Cassie's New Year's Eve Outfits

Euphoria Season 2: Maddy and Cassie’s New Year’s Eve Outfits

November 19, 2022
See Photos of Type O Negative's Peter Steele Through the Years

See Photos of Type O Negative’s Peter Steele Through the Years

November 19, 2022
Helena Citron was a prisoner at Auschwitz, the notorious concentration camp in Poland, when she was romanced by Nazi officer Franz Wunsch.

Movie reveals affair between Auschwitz prisoner, Nazi captor

November 20, 2022
Last Night in Soho's Costume Designer On the Movie's Fashion

Last Night in Soho’s Costume Designer On the Movie’s Fashion

November 19, 2022

EDITOR'S PICK

Tommy Robinson’s Car FIREBOMBED After Release of Documentary Trailer on Grooming Gangs (VIDEO)

Tommy Robinson’s Car FIREBOMBED After Release of Documentary Trailer on Grooming Gangs (VIDEO)

November 19, 2022
brio beardscape 2

The Internet’s Favorite Beard Trimmer Has Just Been One-Upped

November 19, 2022
Playdate is a refreshing and unique gaming handheld, but keep your expectations weird – TechCrunch

Playdate is a refreshing and unique gaming handheld, but keep your expectations weird – TechCrunch

November 20, 2022
Mayor Eric Adams said that he requested an extension to file his taxes at an event in Red Hook, Brooklyn on April 20, 2022.

Eric Adams again gets testy over making tax returns public

November 20, 2022

About

REGIONAL POSTS Web Magazine is an online magazine covering international news, politics, technology, health, education, and much more.Read More.

Follow Us

Submit a News | Write For Us

Feel free to contact us for submission queries. via contact form or email us at : [email protected]

  • Home
  • About
  • Contact
  • Privacy
  • Terms
  • DCMA
  • Sitemap
  • Submit

© 2021 Regionalposts.com

No Result
View All Result
  • News
    • Sports
    • Politics
  • Business
    • Crypto
    • Marketing
  • Lifestyle
    • Entertainment
    • Fashion
    • Food
  • Tech
    • Gaming
    • Gadgets
  • Science
  • Health
  • Travel
  • World

© 2021 Regionalposts.com