Gone are the days when cybercriminals have to hijack accounts online in order to take out money from potential victims. A new scam on WhatsApp has just proven that cybercriminals are the most innovative people on earth.
Mobile phone apps like WhatsApp, Telegram and others that use phone numbers as user IDs have been the ground zero recently among hackers who want to syphon off cash from their unsuspecting victims. According to anti-virus vendor Kaspersky Labs, these fraudsters now devise contact numbers to create new accounts and reach out to its owners' friends for money.
"It can begin with an innocent call for help on a social media page, with the user giving their phone number to their friends. But criminals don't even have to wait for someone to upload a post with personal information," reads a report from Kaspersky Labs. "People are in the habit of revealing all sorts of personal data, making it available to anyone who cares to harvest it."
Subsequently, this enables criminals to take a look at the target's friends list and choose someone to throw under the bus. The unlucky one will then have a bogus profile, say in a messaging app, with his/her name and photo on it.
This is where it gets tricky: When the attacker handpicks his/her victim, sending the target a message as if the fraudster is the friend in dire need of help.
"It all looks very plausible: an old friend reaching out for help. Who wouldn't lend a hand? You don't immediately cotton on. Why would you?"
Kaspersky Labs has noted that people these days are lax when it comes to accepting friend requests while phone numbers are not so much of a big deal to take into account.
"A criminal can use this scheme again and again, finding new phone numbers online and registering new IM accounts."
The cybersecurity firm suggests a couple of highly needed measures to dodge the bullet in the future. First, reconsider the personal details that have been made available publicly in social media. Second, hide friends list on Facebook. And third, if someone asks for your help online, put in efforts to verify his/her identity, like calling the person by phone or asking questions that only the two of you could possibly answer.