Scammers and cybercriminals have been known to target victims by luring them to send their personal details. The Singapore Police have officially issued a warning to WhatsApp users in the region on the current strategies employed by these scammers in phishing attempts.
The authorities stated these cyber criminals prompt WhatsApp users to scan their QR codes in a phishing website and dupe them into revealing their secure credentials. This is something new in the digital world and has been a challenge. However, exercising caution when dealing with online data is key to mitigating this challenge.
Singapore Police’s warning of WhatsApp phishing scams
Singapore Police issued a warning end of last week on the rising phishing scams that have targeted WhatsApp users. They informed on phishing scammers’ new “trick users into authorizing access to their WhatsApp account for the scammers.”
On Friday, October 27, the Singapore authorities claimed that a new strategy is being employed and has a new way of prompting users to reveal their personal information.
According to their warning, the phishing process invokes a fake WhatsApp Web website. The scammers use this method to take control of the user’s WhatsApp account and contacts through a fake QR code. The scammers direct victims to link their WhatsApp accounts to the fake website using the code that secretly grants them access to the website owner.
The victims who wished to use their accounts on their PCs searched for the official WhatsApp website using online search engines. Singapore police was quoted, “Thereafter victims would click on the first few search results generated by online search engines without verifying the URL addresses due to convenience.”
They added that the phishing scams are websites embedded with a genuine QR code taken from the app’s official website. Once the code is scanned, the website becomes unresponsive, and there is no redirection to the official WhatsApp Web page.
The scammers contact victims and ask for their personal info, including credentials for online banking. Some victims have even been prompted to transfer money to a bank account.
The Police also added victims could still use their accounts as the scammers still use them. Additionally, the victims can only know this malware development from their contact notifications of unusual requests. The police stated:
The victims would only discover that their WhatsApp accounts were compromised when they were notified by their contacts of unusual requests such as asking for transfer of monies or i-banking credentials.Singapore Police
Mitigation advice for scams
The public has been advised to exercise due diligence and only use the official WhatsApp Desktop Application and access the platform’s services on their Web page. Additionally, the police requested WhatsApp account holders to refrain from sharing their verification codes and use 2FA verifications on their app accounts.
Also, users should check linked devices to their accounts regularly.
Additionally, these scams have been a huge challenge even in the crypto industry, and this has been majorly attributed to the anonymity nature of the crypto space. One such recent phishing incident that happened last week targeted the LastPass platform users. In a report on October 30, more than $35 million was reported stolen. This also accounts for the 25 LastPass users who got scammed on October 25.
The password encryption platform lost over $4.4 million in a single day. This was after a breach of the platform’s cloud software last year. The breach had involved stealing employee credentials, according to ZachXBT, a blockchain analyst.
Based on the latest cybercrimes involving such scams, he commented on his X account and stated, “Cannot stress this enough: if you believe you may have ever stored your seed phrase or keys in LastPass, migrate your crypto assets immediately.”