Attackers Use Voicemail Phishing Attacks To Steal WhatsApp Users’ Data

Russian hackers are using email spoofing and fake voice message notifications to steal personal information from WhatsApp users.

According to a report by e-mail security company ArmorBlox, almost 28,000 e-mails were sent using this method and linked to a page labeled ‘center for road safety of the Moscow region.’

The email was able to bypass Google’s and Microsoft’s email security checks after it appeared to come from a legitimate email domain.

WhatsApp users receive a fake email stating that they have a voice message. Embedded in the message is a link that takes users to a page where a play button for the fake voice message is available.

Once clicked, users are asked the question “Are you a robot?” After clicking that they are not robots, a Trojan JS / Kryptik tries to install malicious software on the victim’s computer.

Once infostealer malware is installed, attackers can access the victim’s browser from where they can access personal data.

To protect themselves from this attack, users are asked to follow three security steps. This includes augmenting native email security with additional controls, watching out for social engineering cues, and using multi-factor authentication and password management best practices.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web