Specialists draw attention to the deceitfuls increasingly encountered on the WhatsApp mobile messaging application, in which online criminals manage to compromise the victims’ accounts or convince them to send them money.
Misleading messages on Whatsupp. Source: mobile catches.
Over seven million Romanians have installed the WhatsApp mobile messaging application, some statistics show. WhatsApp has remained one of the most popular applications in the phones used by Romanians, but it is not without risks.
The deception by the “voting adel” method
Many users of the mobile application received misleading messages, which were apparently sent by people from their contact list. In reality, the messages were sent by the online environment offenders, after they were able to compromise the expert accounts.
“Hello, please vote on Iuliana Diaconu in this survey, she is my friend’s daughter. The main prize is a free education scholarship for a year. It is very important for her. Thank you.” It is such a message received by Romanians on WhatsApp.
Such messages appear under different variants such as “votes adeline” or various other fictitious names, their purpose being to attract those who believe that they come from people from their list of contacts.
The recipients are directed to a link, which if they access it can lose their stored data in mobile phones.
The scheme used successfully lately is used by a technique as simple, as effective, shows the National Cyber Security Directorate.
“The message is accompanied by a link that redirects to a phishing site that, usually, contains the words” votes “and” dance “, and in the end the extension” .Top/home “. Those accessing the phishing site arrive on the site to be asked to certify that they have offered that vote by offering a six-digit code that is sent to them on the phone. The WhatsApp account – a 6 -digit authentication code that is transmitted on the specified phone number.”, Reports Mihai Rotariu, communication coordinator of the DNSC.
Accessing the false site transmitted by the attackers and providing the authentication code can lead to the compromise of the account, which endangers the list of contacts with which the account is associated. The hijacking of the account by the attackers can lead to its blocking on spam.
“If you take course on the requests of the attackers and make the transfer, you can undergo financial damage without the possibility of recovering the funds”shows the DNSC representative.
Pay attention to messages you are asked for money
Another false message received by Romanians is the apparently submitted request by people close to or known to send money. In reality, this kind of messages are also transmitted most often by those who have compromised their WhatsApp accounts of the shipments.
“This second step by which the attackers try to directly monetize this type of attack involves the transmission of all the contacts corresponding to that WhatsApp account to a message asking for money. I need my card or Revolut, I give it back tomorrow. “shows Mihai Rotariu, communication coordinator of DNSC.
If the victim sends money, the attackers persist and come back with a message in which another amount of money is requested, respectively 2,000 lei, the frame-cap. “I’m sorry to bother you again, you couldn’t transfer another 2000 there? I miscided a little, I will return everything tomorrow.”completes the DNSC representative.
The National Cyber Security Directorate transmits that, in recent years, the online offenders have strongly migrated to methods of propagating attacks through social media platforms or messenger platforms.
“Why has this happened? First of all, it is a cynical calculation related to costs, because they no longer have to invest in an infrastructure to launch their traps in the online environment. At the same time, social media accounts or accounts on chat platforms bear an invaluable value because they generate confidence. Provide that amount without asking questions. shows Mihai Rotariu, communication coordinator of DNSC.
How can you protect yourself from fraud on your mobile
DNSC offers some recommendations to those who want to protect themselves in the face of such fraud:
• Think logically, read carefully when you receive a message and do not act in a hurry.
• Do not click on links from text messages from unknown sources. Do not call your phone numbers received and do not respond to such suspicious messages.
• Never provide sensitive information by SMS.
• Pay attention to text messages that require you to act immediately or make emergency payments.
• Check the association of devices and delete all associated devices.
• Enable two steps (2FA) authentication, to add another level of security to the account and prevent their association in the future.
What can you do after you have been deceived
• If you still have access to your account, go to the Settings section (settings/configurations), then select ‘Linked Accounts’ (associated devices) and remove from the list unknown devices, then activate the authentication in two steps (2FA), if you have not already.
• If you no longer have access to the account, it will be necessary to contact the aid center to take the necessary steps to recover the account. The DNSC team has made available to the general public and a guide dedicated to securing and recovering the main social media accounts, which you can access and download from the DNSC.ro website: https://www.dnsc.ro/pagini/Ghid-retele-social
• Contact your bank immediately, if you have provided card or authentication data to your account, or if you have made a payment to attackers.
• Notify in different ways the person whose identity is used to help solve the confusion generated by the fraud.
• As soon as you recovered your account access, send a message to people who have received unsolicited messages from attackers from your account, to avoid falling into the trap.
• Contribute to the propagation of awareness information in this case! The more users are informed about this attack scenario the smaller the number of potential victims
• Report the incident to DNSC (by the PNISC platform or on the 1911 phone) and to the Romanian Police ([email protected]) if you have undergone financial damage.
• Train yourself to avoid the main threats in the online environment on the website of the National Awareness project safety.ro.
