Guide not to fall for scams that are carried out through WhatsApp
2020 was the year with the highest number of attacks by virtual or digital means in the country, as revealed by the recent report of the ICT Analysis and Creativity Tank (TicTac), which indicates that there was an increase of 89 percent compared to 2019 in the number of complaints.
In this panorama, communication channels such as WhatsApp are being increasingly used by attackers to promote deceptive messages that seek to scam or steal users’ personal information.
(You may be interested in: WhatsApp: How to pixelate photos before sending them?)
In this, a very common tactic plays and they are social engineering attacks, where a cybercriminal impersonates a brand, organization, government entity, among others, sharing messages that seek to the person takes an action such as downloading a malicious file, entering a fake web page, or entering personal data and private such as bank credentials or social media accounts, among others.
In this modality, attackers take advantage of issues that are moving among the population and that generate concern, an example of this is the increase in malicious messages related to the pandemic of covid-19.
(What’s more: Don’t fall! This is the new modality of theft through WhatsApp)
“Social engineering is based on emotions, what the attacker is looking for is for the person to be blocked by an emotion and perform an action that the attacker wants. In the midst of a pandemic, where people are afraid, they are worried, attackers have taken advantage of this to move their hook messages. As long as There is a global issue that can be massive, as occurs with important dates such as Christmas, Valentine’s Day or days of discounts such as Black Friday or Cyber Monday”, Assures Cecilia Pastorino, specialist in Computer Security at Eset Latin America.
What must be considered?
At first, you have to verify the origin of the message you receive and if it is part of information chains that are not verified. On many occasions Criminals promote a message and ask the person to share it among their contacts in order to participate in a certain offer or benefit and thus give more truth to the message, since it comes from someone they know.
Among the deception tactics identified through WhatsApp is redirecting the communication to a web portal, which pretends to be the official site of the company or body that supposedly sends the message.
Once there, the user is asked to enter their personal data, such as full names, email of a specific account, password, even bank credentials or credit card data. Before you include your information, ask yourself what it is being requested for.
(What’s more: Drunk mode, the app that could save you from suffering penalties for the drink)
Remember that no financial institution is going to request information such as security codes through this type of digital messaging channels. If you receive a message requesting this type of information, it may be a scam.
What the attacker is looking for is that the person is blocked by an emotion and performs an action that the attacker wants
Avoid accessing that link and if you have any questions about the alert that is sent through the communication, go directly to the entity’s website through your browser and not through the URL shared in the message or communicate directly to the telephone lines of the entity. If upon entering this you are not notified of the alleged errors or benefits that were sent to you through the application, it is a scam. So you must ignore the message.
Also, be suspicious of messages that have generic senders, that is, where they do not identify you by name. For example, communications that include greetings as dear user, sir or madam or beneficiary.
(Read also: The function that WhatsApp prepares to log out of the application)
On the other hand, it is important to carefully read the information that is given to you, do not trust offers that are too good to be true or benefits that you have not heard about through official channels or the media.
“Cybercriminals continue to use this technique to steal personal and financial information, and also as a strategy to carry out more sophisticated attacks targeting government entities or businesses”, Assures Camilo Gutiérrez, Head of the Eset Research Laboratory.
Finally, it is recommended that you have the double authentication mechanism activated in the accounts you use, with this, if at any time you provide the attacker with your login details, they will not be able to enter because they will need an additional code or biometric verification to access .
You may also be interested in:
– WhatsApp: how to know with what name my contact was saved?
– The possible risks behind alternate versions of WhatsApp
– Chinese hackers gained access to Microsoft users’ email
Twitter: @ TecnósferaET