Beware of emails from Whattsapp

The National Cyber Security Centre (NCSC) is warning people of a phishing campaign that impersonates a WhatsApp voice message feature and could lead to the installation of information-stealing malicious software. (malware)

The attack starts with an email claiming to be a notification from WhatsApp of a new private voice message. The email contains a creation date and clip duration for the supposed message, and a ‘Play’ button.

The identity ‘WhatsApp Notifier’ masks a real email address belonging to a Russian road safety organisation. As the address and organisation are real, the messages aren’t flagged as spam or blocked by email security tools.

If the ‘Play’ button is activated, then it will take the email recipient to a website which then asks them to click ‘Allow’ in an allow/block prompt to ‘confirm you are not a robot’. Once ‘allow’ is clicked, the browser will prompt to install software that turns out to be information-stealing malware.

While there are numerous ‘tells’ that this is a scam, these attacks rely on people missing the signs – perhaps because they are waiting for urgent or exciting news that could well be delivered by a voice message. Or it could just be plain curiosity that leads to the recipient wanting to know who the message is from.

Forward any suspicious email to report@phishing.gov.uk

Follow us on

Twitter| Facebook|Cambridgeshire.gov.uk/against-scams