Scammers are deploying a new tactic to deceive chat app users by sending messages prompting them to vote on various topics. Failure to adhere to precautionary measures could result in account hijacking due to the exploitation of popular voting schemes.
Kaspersky’s security team warns that these messages, disguised as interactive voting opportunities, actually contain links redirecting users to fraudulent websites aimed at stealing personal information. The scam lures users to seemingly genuine webpages hosting voting contests, featuring photos of athletes with a “Vote” button and live counters displaying alleged vote counts and participant numbers, creating a false sense of legitimacy to engage users.
If tricked, individuals might unwittingly disclose their usernames and private 6-digit codes to scammers, enabling them to take control of the account. Tatyana Shcherbakova, Web Content Analyst at Kaspersky, emphasized the prevalence of online voting contests being exploited by attackers. By leveraging social engineering and convincing fake interfaces, cybercriminals manipulate user engagement to extract sensitive data, underscoring the importance of awareness and vigilance for online safety.
To safeguard against such hijacking scams, Kaspersky advises users to:
1. Enable two-step verification: Activate WhatsApp’s two-step verification feature to enhance security by requiring a PIN for account access.
2. Verify website authenticity: Refrain from sharing personal details on unfamiliar websites, particularly those accessed through unsolicited links, and always validate the URL’s legitimacy.
3. Never disclose verification codes: WhatsApp never requests verification codes; therefore, avoid sharing them with anyone, even if prompted by a seemingly trustworthy source.
4. Utilize reputable security software: Employ trusted security tools to identify and block malicious websites and links effectively.
