Phishing tactics involve using a text message with a link that when accessed, downloads zero-day malware on a user’s smartphone. WhatsApp is a common platform for such messages these days.
SMS and email phishing is one of the most-known phishing tactics. Now, with the invention of instant messaging platforms like WhatsApp and Telegram, scamsters have also leveraged these platforms in their never-ending hustle to spam users with messages promising an easy paycheck, or free appliances, or other benefits and schemes on various platforms simultaneously. A recent report in Indian Express digs into some of these kind of WhatsApp messages, which promise an easy paycheck while working from home. “Join us and earn Rs 5,000 per day,” some of these messages read. The report says that the links included in these phishing messages usually contain malware that is installed on a user’s smartphone as soon as they click on it and in some instances, ask them to give up their financial details, ATM PINs, etc.
The report says that several unknown contacts sent similar messages which promise an easy paycheck by doing simple tasks remotely. Given how many people lost their jobs during the COVID-19 pandemic, it makes them all the more vulnerable to these kind of messages. After receiving such messages, Indian Express reached out to security experts at Check Point Software Technologies in order to get a better idea about the threat these messages pose. Check Point Software Technologies Managing Director for India and SAARC, Sundar N Balasubramanian told the daily that cybercriminals are leveraging people’s interest in working from home during the lockdown. He said that SMS phishing generally involves a text message with a single link to a fake account login page. He also said that in addition, new SMS phishing tactics use a text message with a link that when accessed, downloads zero-day malware on a user’s smartphone. Balasubramanian also said that scamsters are using new techniques to increase the effectiveness of their attacks. “These attacks are used to steal users’ credentials and data to access corporate networks and applications,” he told The Indian Express.
The links included with these phishing messages usually lead to a website that will ask for a user’s data and later use the information for illegal purpose, the Indian Express report said.
Now, there are no techniques that will stop these messages from coming to your smartphone. Since WhatsApp uses end-to-end encryption, it is also not possible to trace the source of such messages. However, there are a few tips that users can follow in order to stay safe from these kind of messages, starting with something as simple as ignoring these messages. Any message claiming to offer a free paycheck, gift, offer, etc, should just be ignored. Further, users can install an antivirus that will alert them if they have opened an unsafe mail.
Always remember, nothing in this world is free, so if someone is claiming to give something (especially Rs 5,000 per day), it would make sense to simply ignore it.