Scammers are employing a new strategy to deceive users of chat apps by sending fake voting messages that could lead to account hijacking if precautions are not taken. The scheme exploits the popularity of voting contests, purportedly allowing users to express their preferences for sports stars or celebrities. However, these messages contain links redirecting users to fraudulent websites aimed at stealing personal data rather than facilitating genuine interaction.
Kaspersky’s security team has cautioned that these deceptive webpages present a facade of legitimacy, featuring images of athletes with “Vote” buttons and fabricated vote counts to create a sense of authenticity and encourage user engagement. If users fall for the scam, they may unwittingly disclose their usernames and private 6-digit codes, enabling scammers to compromise their accounts.
Tatyana Shcherbakova, Web Content Analyst at Kaspersky, highlighted the prevalence of online voting contests and the exploitation of users’ trust in such innocuous activities by cybercriminals. By leveraging social engineering tactics and convincing fake interfaces, attackers exploit user engagement to pilfer sensitive information. Shcherbakova emphasized the importance of awareness and vigilance to safeguard against such threats.
To mitigate the risk of account hijacking scams, Kaspersky recommends the following precautions:
– Activate two-step verification on WhatsApp to enhance security by requiring a PIN for account access.
– Exercise caution when visiting unfamiliar websites, especially those accessed through unsolicited links, and verify the legitimacy of URLs before entering personal information.
– Refrain from sharing verification codes with anyone, as WhatsApp never requests this information.
– Employ reputable security software to identify and block malicious websites and links effectively.