FLASH: WhatsApp phishing scam

Last week, many folks became aware of a messaging app called WhatsApp due to the announcement of Facebook’s intention to purchase it for a paltry $19B.  Now there is a WhatsApp phishing scam circulating (actually it’s been around for several months, but seems to be making fresh rounds due to the acquisition announcement).

One receives an innocuous-looking email from WhatsApp that says you have a new voice message.  You click on the “Play” button and it says that you need to load an app, player or update a web browser.  Commencing the download will load the malware on your phone or computer.

The primary target seems to be Android devices, since it’s difficult to load software onto iPhones and iPads outside the App Store.  Note: if your iPhone has been jailbroken, all bets are off (see my post on The Hazards of Jail Breaking).

Here’s a screenshot of the email:

[Image: Screen Shot 2014-02-26 at 10.46.37 AM]

A couple things to notice:

  • Though the return address says “WhatsApp Messaging Service”, which looks OK, the actual return address is decidedly suspect.  This is one of the things that I look at before clicking on anything.
  • The “copyright” at the bottom says “2013 WhatsApp Inc”.  It’s 2014, and companies are very careful to indicate the current year since to not do so could impact their intellectual property rights.  Also, there is no “copyright” or © designation. This is probably not something you’d notice initially, but after seeing the bogus return address, the error in copyright adds credence to the message’s fakery.
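The first check above (a friendly display name sitting in front of an unrelated sending address) can be automated on a mail gateway or in a triage script. The following is an added example, not part of the original post: the brand allow-list, the function names and the sample message are constructed, and the sender address is a placeholder rather than the one in the screenshot. It goes one step beyond the post by also comparing the Reply-To domain with the From domain.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand keyword -> domains that brand legitimately sends from,
# maintained by the defender.
BRAND_DOMAINS = {"whatsapp": {"whatsapp.com"}}

# Constructed sample message (addresses are placeholders).
SAMPLE = (
    'From: "WhatsApp Messaging Service" <service@mail.example.net>\n'
    "Reply-To: noreply@other.example.org\n"
    "Subject: You have a new voice message\n"
    "\n"
    "You have a new voice message. Play\n"
)

def domain_of(addr):
    """Return the lower-cased domain of an address, or '' if there is none."""
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def in_domains(domain, allowed):
    """True for an allowed domain or a subdomain of one (not a lookalike suffix)."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def sender_findings(raw):
    """List the reasons the sender headers of a raw message look spoofed."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    findings = []
    # Display name claims a brand, but the real address is not on its domains.
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower() and not in_domains(from_domain, allowed):
            findings.append(
                f"display name claims {brand} but address domain is {from_domain!r}")
    # Replies would be routed to a different domain than the visible sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_domain:
        findings.append(
            f"Reply-To domain {domain_of(reply)!r} differs from From domain {from_domain!r}")
    return findings

if __name__ == "__main__":
    for finding in sender_findings(SAMPLE):
        print("SUSPICIOUS:", finding)
```
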

So, what are the takeaways?

  • First, never download software that you didn’t specifically ask for.  Also, download all software from known sites.  With reference to this one, if a software download were to be required, go to the WhatsApp website to download it.
  • Android has shown itself to be a more difficult mobile platform to keep safe than iOS, due to Android’s open nature.  There have been a large number of malware exploits specifically targeting Android.  Though it’s possible to get malware on your iPhone or iPad through the App Store, it’s much less probable.  Android has become the target of choice for mobile exploits, again because of its open nature and since it has the largest market share worldwide by far.
