Russian hackers are using email spoofing and fake voice message notifications to steal personal information from WhatsApp users.

According to a report by e-mail security company ArmorBlox, almost 28,000 e-mails were sent using this method and linked to a page labeled ‘center for road safety of the Moscow region.’

The email was able to bypass Google’s and Microsoft’s email security checks after it appeared to come from a legitimate email domain.

WhatsApp users receive a fake email stating that they have a voice message. Embedded in the message is a link that takes users to a page where a play button for the fake voice message is available.

Once clicked, users are asked the question “Are you a robot?” After clicking that they are not robots, a Trojan JS / Kryptik tries to install malicious software on the victim’s computer.

Once infostealer malware is installed, attackers can access the victim’s browser from where they can access personal data.

To protect themselves from this attack, users are asked to follow three security steps. This includes augmenting native email security with additional controls, watching out for social engineering cues, and using multi-factor authentication and password management best practices.