Jump directly to the content
WATCH OUT

WhatsApp warning as dangerous voicemail scam ‘steals data’ from 27,000 users

A WHATSAPP voicemail scam dodged multiple layers of security to infiltrate servers and contact over 27,000 users.

The scheme targeted email addresses using Microsoft Office 365 and Google Workspace.

WhatsApp is a messaging platform compatible with both Android and iPhone
1
WhatsApp is a messaging platform compatible with both Android and iPhone

The attempted hack was first flagged by , an online security and threat assessment company.

WhatsApp users were sent an email with a "private voicemail" attachment under the subject line "New Incoming Voicemessage".

Despite the misspellings and red flags, the email was able to get around screeners by deploying what cybersecurity experts call ";brand impersonation" - a term for bad actors that give off the appearance of a legitimate business.

Unsuspecting users who opted to the false voice message were halfway to being hacked.

After clicking the embedded link, recipients were taken to a CAPTCHA screening - the "you are not a robot" tests that sites employ to deter bots.

But the test was merely a distraction scheme.

If users went through with the test's instructions, a piece of malware programming could be installed.

Armorblox wrote that passwords and credentials were at risk of theft for users that fell for the ploy.

Meta, WhatsApp's parent company, has had its hands full with aggressive hacking attempts across its platforms.

The conflict in Ukraine has emboldened Russian hackers trying to take advantage of defense systems that are spread thin - Facebook has seen an uptick in hack attempts since the onset of the war.

The email address associated with the WhatsApp phishing scheme has connections to a webpage titled "Center for Road Safety of the Moscow Region" - though this hack has not been confirmed to be orchestrated by the Kremlin.

WhatsApp has not been banned for use in Russia.

Read More on The US Sun

These attacks have customization programmed into them to make them more effective - the user's first name was plugged into the email to make it seem genuine.

A skeptical outlook and multi-factor authentication techniques are recommended to keep hackers from rummaging in your inbox.

We pay for your stories!

Do you have a story for The US Sun team?

Email us at [email protected] or call 212 416 4552.

Like us on Facebook at  and follow us from our main Twitter account at 

Topics