Unwanted messages come in many forms, such as spam, hoax and phishing
messages. Phishing Scams come in many varieties. Some are personalized, i.e.
‘spearphishing’, but most are sent out to the widest possible distribution. All
these types of messages are broadly defined as unsolicited messages that try to
deceive you and prompt you to act in a certain way.
You may be the target of a deceptive scheme if any of the following
describes a message you receive, via messaging apps like WhatsApp or email:
The sender claims to be affiliated with the
messaging app / WhatsApp.
The message content includes instructions to
forward the message.
The message claims you can avoid punishment, like
account suspension, if you forward the message.
The message content includes a reward or gift, such as an extended or
free subscription. Please note, most of these app vendors work on a yearly
service subscription model.
Beware of Phishing Scams
that Spoof Legitimate Web sites
One phishing email in particular is circulating the internet disguised
as a notification from the popular messaging service, WhatsApp. This message looks legitimate. Of course,
one sure way to tell it is fake is if you do not have a WhatsApp account. (WhatsApp says
in its official page that it does not use WhatsApp to send messages to you. It
also states that it also does not send its users emails about chats, voice
messages, payment, changes, photos, or videos.
You can also hover
your mouse over the button and see what URL it will take you to without
actually clicking on it. The links embedded in the email direct your
browser to a malicious or compromised website run by hackers. Once you’re on
the malicious site, malware is downloaded to your computer.
Don’t Click the Links! –
Dangerous Downloads
As you can see in this example, the button wants to take you to
livetonline.com, a website that has no affiliation with WhatsApp. If you
click the ‘Play’ button or any of the links contained in the email, your
computer may become infected. The link will takes you to a webpage that is telling
you that you need to download Adobe Flash Player before you can see the
message. If you already have Flash installed, especially the latest version,
this should be another tip-off that this is a scam. (Mac and iOS users cannot
be affected by this, as it downloads an executable (.exe) file, which only runs
on Windows. The file most likely contains a virus, but Apple products are not affected).
This strategic and clever tactic is typical. These scam emails started
appearing only one week after WhatsApp launched its web client. Before that,
there were similar phishing scams circulating, appearing to have come from a
WhatsApp mobile user. However, the timing of these new scams makes them seem
more legitimate.
This is just one particular example. There have been other emails
circulating around that look identical or very similar to the one above, though
they may try to get you to download something else malicious, or even display a
login page to collect your email address and password (this is a phishing
attempt).
Kuluoz is one of the malware downloads
associated with such a phishing scam. Kuluoz is a Windows targeted virus
designed to stealing documents in Microsoft Word and Excel format. It is also
capable of stealing all passwords stored in popular browsers like Firefox and
Opera.
The Android mobile platform
Because of its popularity, the Android mobile
platform has become an extremely profitable target for malware creators. Many
times Android targeted malware is distributed through phishing scams. Malware
sites associated with the ‘WhatsApp Messaging Service phishing scam’ can detect
Android users and download a virus targeted at Android mobile devices. One such
virus is droidFennec.out. The droidFennec.out virus allows an attacker to send
text messages, make phone calls and access the internet using your device. The
droidFennec.out virus can also enable permissions which would allow a hacker to
make payments using your accounts.
What to do if I receive these messages
Prevention is the Best Cure.
Block the sender, disregard the message and delete it. To avoid exposing
your contacts to potential harm, please never forward these messages to them.
If you think that your computer may be
compromised, go to the Microsoft Malware Protection Center for information on
how to detect and remove the threat.
A necessary defense against this type of
threat is antivirus software. Android users should ALWAYS run antivirus software to help defend
against the increasing threat of infection posed by Android targeted malware.
Malicious attackers are becoming more skilled
at ‘spoofing’ legitimate emails and websites. If you receive an email
notification from a website, go to the site by typing the URL in the address
bar of the browser yourself! If the message is from a website for which you
have no account or you think it may be fake, simply ignore it.