Hi Guys

Researchers at Armorblox have discovered a new WhatsApp phishing campaign that impersonates WhatsApp’s voice message feature to hack into your phone. The primary goal of this campaign is to infect devices around the world to spread information and bank account stealing malware (This malware can clear out your account in seconds). So far, the campaign has targeted at least 30,000 email addresses worldwide. It is very easy to be tricked by this type of attack, particularly if you are not tech-savvy (and in some cases, even if you are), so here is everything you need to stay safe. 

Firstly, how does the attack work:

* You receive an email that looks like it is from WhatsApp with this subject line: ‘New Incoming Voicemessage’

* The email says it is from an account called ‘WhatsApp Notifier,’ but if you look further, you will see it is from a domain called ‘mailman.cbddmo.ru.’ 

Note: Just because the address ends in .ru does not mean this is an attack from Russia. Anyone from anywhere in the world could have hacked this domain name to send the email. It is very easy to do, and the hackers could be based anywhere.

* In the message, there is a button called ‘Play,’ and the hackers are now hoping that you press it so that you can listen to your voicemail. 

* If you press the button, you will be taken to a page where you will be asked to confirm you are not a robot

* At this point, the remote attackers will attempt to download the malware onto your device. 

* If successful, your data is harvested, and an attempt is made to access your bank details. 

As you can see, it is a straightforward attack but is very powerful. And also, because the attackers are using a legitimate Russian domain name, the message will not be picked up by spam filters.

How do you stay safe against this attack:

* First off, WhatsApp will not email you to let you know you have a message. Any messages you receive are downloaded straight into the app. The first red flag is that they will never email you with this message. So, if you receive a message like this, delete it straight away, and you are safe. 

* Never click on a link in an email unless you are confident that it is safe and that you fully trust the sender. Check the domain name of the sender and do your homework. A few simple checks could save your account from being emptied. 

* Before you go to a website, check if it is safe first. Run the link through Incognito Website Checker, and we will be able to tell you instantly if the website is secure or not. In the case of this attack, you are asked to press a button that says ‘Play.’ All you have to do is right click the button and choose copy address, or on a smartphone, press and hold the button and select copy link. You can now paste this link into our checker, and you are good to go.

Please share this tip with anyone who uses WhatsApp. 

Have a fantastic weekend ahead, and as always, let us know if you need anything.

All the best,

Max Roberts,

Incognito Privacy Care Team.