Cybercriminals use WhatsApp as a hook in many ways to deceive users and gain access to sensitive personal information, or to obtain larger loot such as money or access to bank accounts. Until now, however, this type of trick was carried out through the application itself: the victim received a fraudulent message that generally included a suspicious link.
Scammers send emails posing as WhatsApp
But now a new scam is becoming popular that involves WhatsApp yet does not take place within the instant messaging application owned by Meta. What cybercriminals are doing now is impersonating WhatsApp using a method as traditional as email.
The Civil Guard has warned of this in a message published on its official Twitter account. As the message points out, the Internet User Security Office (OSI) has detected an email campaign that impersonates WhatsApp.
⚠ #ALERT ❗ Detected again: email campaign impersonating WhatsApp with a message that downloads a #trojan #NoPiques. It pretends to be a backup of the conversations and the call history and urges you to click on the link to download it https://t.co/2D5QqrfsDX pic.twitter.com/Li7iqdQkMz
— Civil Guard 🇪🇸 (@guardiacivil) September 23, 2022
The modus operandi is very simple. The user is led to believe that the sender of the message is WhatsApp and that the message includes a backup copy of the conversations held in the application. The user is asked to download it in order to have that backup copy, with all their messages and call history.
However, when the user clicks on the link, what is actually downloaded is a Trojan, which could be used to gain remote access or force the user to access pages with dubious content.
If you have received one of these emails, it is important not to click on the link and to delete the email immediately. You should always be wary of emails that do not come from a reliable source and that ask you to click on a link. In any case, check whether WhatsApp is really the sender: you will see that the address from which the email is sent may be similar, but it does not come from WhatsApp. The instant messaging app does not usually contact users via email, let alone ask them to click on a link or download something.
If the link has already been clicked, it is best to run an antivirus program to check that the device has not been infected (or to try to clean it with the chosen software).
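The sender check described above can be automated on a mail gateway or in a triage script. The following is an added example, not part of the original article or the OSI alert: it flags messages whose sender claims to be WhatsApp while the address or the links use another domain. The trusted domain list, the function names and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse
import re

# Assumption: domains accepted as genuine for the brand; adjust to your own list.
TRUSTED_DOMAINS = {"whatsapp.com"}
BRAND = "whatsapp"
URL_RE = re.compile(r"https?://[^\s<>]+", re.IGNORECASE)

# Constructed sample messages (not taken from the real campaign).
SAMPLE_PHISH = """\
From: WhatsApp Backup <no-reply@whatsapp-backup.example>
Subject: Your chat backup is ready

Download the backup of your conversations and call history:
http://files.example.net/backup.zip
"""
SAMPLE_GENUINE = """\
From: WhatsApp <support@whatsapp.com>
Subject: Hello

See https://www.whatsapp.com/ for details.
"""

def is_trusted(host: str) -> bool:
    """True for a trusted domain or one of its subdomains (exact suffix match)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def check_message(raw: str) -> list[str]:
    """Return the reasons a message looks like an impersonation of BRAND."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    if BRAND not in display.lower() and BRAND not in addr.lower():
        return []  # the message does not claim to come from the brand
    findings = []
    sender_domain = addr.rpartition("@")[2]
    if not is_trusted(sender_domain):
        findings.append(f"sender uses look-alike domain {sender_domain!r}")
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for url in URL_RE.findall(text):
            host = urlparse(url).hostname or ""
            if not is_trusted(host):
                findings.append(f"link points to untrusted host {host!r}")
    return findings
```

This only catches look-alike addresses and links. A message with a forged From header that shows the genuine domain passes it, which is the case that SPF, DKIM and DMARC results are meant to cover.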