WhatsApp is one of the tools that cybercriminals are most interested in. Recently, the Office of Internet Security —part of INCIBE— has warned about a new campaign in which fraudsters impersonate the messaging app owned by Facebook -which has 2 billion users worldwide- to infect their devices and steal information.
As in so many other cases, the scam begins with an email in which the cybercriminals pretend to be WhatsApp. To arouse the user’s interest, it identifies itself with the subject line: ‘Backup of WhatsApp messages *913071605 Nº (xxxxx)’, although INCIBE does not rule out the possibility that there are other emails with different subject lines.
In the message, which contains drafting errors and mistakes, the cybercriminals invite the user to click on a link to supposedly download a backup copy of their conversations. INCIBE notes that the date of issue at the bottom of the message is usually very close to the day the email is received, or even the same day. However, it could also appear to be out of date.
The institution also points out that the domain of the sender’s address does not belong to WhatsApp. Although there could be other cases in which they pretend to belong to the company itself, as this field is easy to falsify.
The malicious file is downloaded after clicking on a link contained in the message, although it could also be displayed as an attachment. In any case, the code is reported to be Trojan-like; it is designed to steal information and credentials from the victim.
From Esferize we remind you that, in case of doubt about the legitimacy of an email, you should not click on any link. And much less download any attachment. To check the veracity, you can contact the company that supposedly sent you the email; always through their official customer service channels.
