WhatsApp: This is a new attack that is increasing the theft of money

Attackers use WhatsApp to commit fraud (Photo: REUTERS / Dado Ruvic / File Photo)
Attackers use WhatsApp to commit fraud (Photo: REUTERS / Dado Ruvic / File Photo)

Share It is a tool that millions of people use daily to communicate. Being such a big digital platform, Cybercriminals see it as an opportunity to commit fraud Like online Identity fraud.

Accordingly ESET, Internet Security Focus System, Online impersonation scams are on the rise Due to the fact that copying a profile is “easy”, it adds to the average user’s lack of awareness about the information they post on the Internet.

This type of fraud is carried out on WhatsApp, where attackers pretend to be someone else for easy money. It works in the following way:

– First received a message from an unknown number, which the attacker uses to impersonate someone nearby. Although the number varies, the profile is a copy of the legal one, including the photo and name, in addition, They use a family nickname Get confident soon.

Cyber ​​Attacks to Fraud (Photo: SDR Mexico)
Cyber ​​Attacks to Fraud (Photo: SDR Mexico)

– After reaching a brief conversation, he begins to talk about the impersonator Buying USD Ask if anyone interested knows.

– If you get a buyer, ask for a transaction. The fraudster receives the money, and the alleged dollars are never paid.

To Avoid this type of fraud The first thing is to ask directly if the original spokesperson changed their number and suspect any news regarding the request for money, especially if it is unusual such as the exchange of US dollars.

In addition, the original contact will be prompted Lets you know if you have been the victim of a phishing attack Also, do not pay attention to messages that appear to be yours, but with a different phone number you can alert everyone you know in a timely manner.

Attacker mode (Photo: ESET)
Attacker mode (Photo: ESET)

The question that arises when looking at all this is: How do imposters get the victim’s contact numbers?

Accordingly ESET, The fraudster will have a backup Access to contact list, victim name and photo. All of these in one source So-called social engineering technique Fishing.

“A few months ago a user was the victim of a phishing email that changed Microsoft’s identity and contained They asked for testimonials using the unusual act as an excuse On the account of the victim. A classic social engineering hoax. “

When victims fall into the mail Fishing They give cybercriminals access to your account, your account backup, contacts and other stored information. All of this data is used to impersonate your identity and ask for money from people you know.

Cybercriminals attack unsuspecting individuals (Photo: Pexels)
Cybercriminals attack unsuspecting individuals (Photo: Pexels)

“One of the key features of this scam, and many users are unaware of Facility to get synced contacts including email account. For example, in the case of a Google Account, search the “Contacts” submenu in Gmail. By then you can sync all the contacts with the numbers and names assigned to them, but you can export them in the best format for this type of attack, “said Martina Lopez, a computer security researcher. ESET Latin America.

According to the company, By mid-November 2021, the number of cases using this tool had increased. Procedure And, to this day, it continues to be used by cybercriminals.

To avoid falling victim to these attacks, it is recommended People should be wary of emails asking for credentials, as this is not a typical utility method, and avoid sharing too much information on frequently unused accounts. Enable dual factor authentication Their profiles.

Read on

Leave A Reply

Your email address will not be published.