Scammers are employing a new strategy to deceive chat app users by sending messages prompting them to participate in voting on various topics. Users should exercise caution as failure to adhere to basic precautions could lead to their accounts being compromised.
This emerging threat capitalizes on the popularity of voting contests that allow users to express their preferences for favorite sports personalities or actors. According to cybersecurity experts at Kaspersky, these messages may disguise malicious intent. Instead of genuine voting opportunities, the links provided in the messages direct individuals to fraudulent websites designed to steal personal information.
Kaspersky elaborated that the scam lures users to seemingly authentic webpages hosting voting competitions. These pages typically feature athlete photos with “Vote” buttons and live counters displaying supposed vote counts and user participation numbers. These elements create a false sense of legitimacy, enticing users to engage with the content.
Individuals who fall victim to this scheme risk disclosing their usernames and private 6-digit codes to fraudsters, enabling them to hijack the accounts. Tatyana Shcherbakova, Web Content Analyst at Kaspersky, emphasized the exploitation of trust in online voting contests by attackers. By leveraging social engineering tactics and convincing fake interfaces, cybercriminals exploit user engagement to pilfer sensitive data. Maintaining awareness and vigilance is crucial for safeguarding against such threats.
To protect against account hijacking scams, Kaspersky recommends the following precautions:
– Enable two-step verification: Utilize WhatsApp’s two-step verification feature to enhance security by requiring a PIN for account access.
– Verify website authenticity: Refrain from providing personal details on unfamiliar websites, particularly those accessed through unsolicited links. Always verify the legitimacy of the URL.
– Never share verification codes: Avoid sharing your verification code with anyone, as WhatsApp will never request it. Decline to provide or accept verification codes from any source, even if seemingly trustworthy.
– Utilize reputable security software: Employ trusted security solutions to identify and block malicious websites and links effectively.