TURNS out WhatsApp voice notes aren’t as safe as you thought.
According to researchers, crooks are using a new phishing campaign that impersonates the popular feature to part you from your cash.
The scam is packaged in an email in which the attacker impersonates WhatsApp, experts at cybersecurity firm Armorblox wrote Wednesday.
It tells you that you have received a new private voicemail and to tap on a play button in the email to hear it.
Following those instructions will land you on a webpage that installs malware onto your device.
That dodgy download hunts down and hoovers up data on your phone or PC, potentially exposing you to credential theft.
Read more about WhatsApp
It’s possible that attackers could then use usernames and passwords stolen using the software to access your online bank account.
“The socially engineered email was titled ‘New Incoming Voicemessage’ and included a header in the email body reiterating the email title,” Armorblox wrote.
“The email body spoofed a secure message from WhatsApp and suggested that the victim had received a new private voicemail.”
Apparently, the attack has reached more than 28,000 inboxes already.
It has largely targeted organisations across healthcare, education, and retail.
The attacks are said to be sophisticated enough that they easily bypass Microsoft and Google email security filters.
It’s unclear who is behind the attacks, but they appear to run their operation through Russian websites, researchers said.
This does not confirm that the hackers are Russian, however, as they could have taken control of the domain from another country.
It’s one of a rising number of phishing campaigns targeting individuals and companies in the West since the outbreak of the Covid-19 pandemic.
Phishing attacks lure victims to a website that appears to be operated by a trusted entity, such as a bank, social media platform or other service.
The site, however, is phoney with fake content designed to persuade you to enter sensitive information such as a password or email address.
Attacks are most frequently spread over email but can also be contained in messages over chat apps such as WhatsApp.
It’s recommended that users protect themselves from attacks by installing security software on their devices and setting up two-factor authentication on their online accounts.
Be suspicious of messages sent to you by strangers and avoid opening attachments or downloading files sent in messages or emails unless you completely trust whoever sent them.
Read More on The Sun
If you’re worried that you might have fallen for a financial scam, the first thing you should do is contact your bank.
You should then report it to ActionFraud. Their website is actionfraud.police.uk, and their phone number is 0300 123 2040.
Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered...
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at tech@the-sun.co.uk