Tuesday, November 30, 2021

New Age Phishing via Social Media App

New-age phishing through social media applications

With the rise in the use of social media apps during the Covid pandemic, a simple attack has helped cyber criminals operate globally. FB Messenger, Telegram, Instagram and WhatsApp have now become the playground for hackers. This WhatsApp attack shows us that social engineering is not limited to phishing emails.

One of the key indicators of a social engineering attack can be how the message makes you feel. The attack relies on the victim's emotional response to make them act quickly.

How they target:

Basically, through suspicious links, sent either directly or embedded in image, video or PDF files. It can be, believe me.

Scene-1

Once the attackers have access to your WhatsApp account, they have access to all of your WhatsApp contacts and groups and will receive any new messages sent to your account. From there the attackers can message your contacts, posing as you, and may ask your friends and family for money for an emergency need.

Scene-2

When you get a new device and download and install WhatsApp from the Play Store, WhatsApp will send a 6-digit verification code to the mobile number you have entered. This code verifies that you own the mobile number and device. Once the 6-digit code has been entered, that device will receive WhatsApp messages for that account.

In this attack, the attacker will have already compromised someone’s WhatsApp account (they could have done this via Facebook, not necessarily WhatsApp itself). 

Here, the account they had compromised belonged to an old friend or known person. The attacker then sends a message to the friends of the initial victim stating that they have accidentally sent the code to them, or that they are having issues receiving the code.

Here you can see that the attacker says they 'sent' you the code by mistake and asks you to send it back. If you send back the 6-digit code, the attackers will successfully compromise your WhatsApp account, too.

Scene-3

Since November 2021, it has come to notice that some WhatsApp messages are being received that say “Is it you in the Video” along with a suspicious link. This is a social engineering or phishing attack: if you click on the link, it presents a fake credential page for your FB or Messenger account. If you then try to log in on that fake page, your original account gets compromised.

Similarly, the attacker sends the same message to all your contacts to get them to follow the same steps.

What to Do?

  • Use Two-Factor Authentication (2FA) on any account for safety.
  • Use a password manager.
  • Use anti-virus on mobile too.
  • Do not receive any WhatsApp calls. 

Please refer to the State Government guidelines shared below for awareness purposes.



Please follow guidelines and stay safe!

-DR

