HKCERT Urges the Public to Beware of Suspicious Messages Targeting WhatsApp Users

(Hong Kong, 12 June 2024) Phishing messages have been occurring increasingly in recent months. Hackers have been impersonating WhatsApp and creating fake websites to target WhatsApp users to conduct phishing attacks. The hackers send SMS messages containing phishing links, deceiving users into clicking on the suspicious link under the pretext of their accounts being blocked for violating the terms of service, and then tricking users into providing their WhatsApp account information.

Ongoing Phishing Activities Targeting WhatsApp Users

Hackers continue to send phishing messages, using fake websites with the aim of stealing WhatsApp users’ accounts to engage in illegal activities. These phishing messages often contain content that lures users to click on suspicious links, such as “Your account has been blocked for violating the terms of service, please click this link to reactivate it.” Once users click the link and follow the instructions on the fake website to provide their account information and linked their WhatsApp account to fake website, the hackers can then steal and gain control of the users’ WhatsApp accounts.

A screenshot of a phone

Description automatically generated

A screenshot of a phone

Description automatically generated

A screenshot of a phone

Description automatically generated

Hackers have been impersonating WhatsApp and creating fake websites to conduct phishing attacks targeting WhatsApp users.

The hackers may use the stolen WhatsApp accounts to send more phishing messages to the victims’ contacts, expanding the scope of the attacks. They may impersonate the victims themselves and request that their friends and family transfer funds or disclose sensitive information. Victims could lose their accounts, and even cause financial losses to their friends and family who get deceived.

Develop AI-powered Phishing Link Detection SystemAs there are as many as 100,000 new domain names added globally every day, and some suspicious phishing links with close resemblance to official websites have been found, the Hong Kong Computer Emergency Response Coordination Centre (HKCERT) is developing an AI-powered phishing link detection system, which can help to detect the newly added suspicious phishing links and response to phishing attacks. For the phishing websites targeting WhatsApp users, HKCERT has contacted the network providers to take actions to remove.

Stay Vigilant and Do Not Click on Suspicious Links

HKCERT calls on the public to stay vigilant and do not click on any suspicious links; consider thoroughly before providing personal information to any person or organisation; and do not open any URLs or attachments from suspicious emails or SMS; Regularly check the linked devices in the WhatsApp settings and log out of any devices that are no longer in use; use the “Scameter” of Cyberdefender.hk to identify frauds and online pitfalls through email, URL, IP address, etc.

To learn more about Preventive Measures Against WhatsApp Account Theft, please visit the following pages:

https://www.hkcert.org/blog/hkcert-alerts-the-public-on-preventive-measures-against-whatsapp-account-theft

Businesses or members of the public who wish to report to HKCERT on information security related incidents such as malware, phishing, denial of service attacks, etc. can do so by completing the online form at: https://www.hkcert.org/incident-reporting, or calling the 24-hour hotline at +852 8105 6060. For further enquiries, please contact HKCERT at hkcert@hkcert.org.

Check Also

Ramaswamy’s Response to ‘Why Are Hindus Always the Soft Target?’ Provokes Broader Debate on Religious Tolerance

The recent interaction between Republican candidate Vivek Ramaswamy and an American citizen, who labeled Hinduism …