WhatsApp Users Targeted in New Phishing Scam Using Google Drawings

New Phishing Scam Using Google Drawings

Cyber threats continue to evolve in 2024, presenting new challenges to users. A newfound phishing scam steals sensitive information from users through Google Drawings and WhatsApp, tricking them into giving up their credentials.

Although site redirection isn’t a new tactic, deception through unofficial WhatsApp messages can lure many into opening malicious links. After all, it’s one of the most widely used—and trusted—messaging apps. 

The latest scam is particularly concerning because it disguises fraudulent messages as legitimate. Let’s learn how this phishing scam works and what steps you can take to save yourself from cyber threats. 

How Does the New Phishing Scam Using Google Drawings Work?

The Google Drawings scam begins with a seemingly innocent WhatsApp message that appears to come from a familiar contact or trusted organization. 

This familiarity increases the likelihood of recipients engaging in a conversation or clicking on the link, which eventually leads to a Google Drawings file.

Previously, cybercriminals relied on email attachments or redirection links to malicious sites. However, the new Google Drawings scam misuses Google’s reputation, which makes it easy to bypass security filters.

The file looks legitimate because it features professional branding, language, and logos to create a sense of authenticity. But as soon as users interact with the drawing, it redirects them to a fake login page that asks them to enter sensitive information (such as account credentials).

If they do so, the cybercriminals immediately collect the details and misuse the login credentials, financial information, or other personal data.  

According to cybersecurity experts, this phishing scam uses well-known websites with a solid reputation to host the attack elements.

A Menlo Security researcher claims that this new phishing scam is a great example of a Living Off Trusted Sites (LoTS) threat.

In simple words, attackers exploit the credibility of websites like Google, WhatsApp, and Amazon. The use of shortened WhatsApp links makes these phishing attempts difficult to detect. This gives attackers an edge in collecting sensitive information from unsuspecting users.

What Makes the Google Drawings Scam a Success for Cybercriminals?


The interesting aspect of this new phishing scam is that it successfully gets past the various filters of anti-phishing mechanisms.

Think of it this way. If a robber wants to break into a house, their priority isn’t dodging the cops head-on; instead, it’s sneaking past the fence and avoiding security cameras.

By going undetected through the fence and the security cameras, they’re more likely to get away with it and avoid the cops altogether.

Similarly, this newfound cyber attack sidesteps traditional phishing detection methods. Since the links or attachments don’t trigger security filters, they often go unnoticed.

An unknown person would likely be stopped from entering your property. However, if someone you know attempts to enter, they might gain access more easily. Similarly, these attacks exploit familiar platforms and manipulate users to evade detection.

The Strategy Behind the Scam

Personalized messages, trusted contacts, or mimicking communication from reliable organizations make WhatsApp links more convincing. 

Users who click the phishing scam links are redirected to an Amazon login page. The URL is made from two shortened, unintelligible links that deceive URL scanners.

Cybercriminals can collect personal information, credit card details, and other sensitive credentials by concealing URLs and creating a fake Amazon login page.

Once credentials are collected, the IP address is rendered inaccessible. This adds an extra layer of disguise, making it easier to go undetected by anti-phishing mechanisms.

6 Best Prevention Practices to Keep Yourself From Phishing Scams

Around 16% of all data breaches involve phishing. However, identifying a phishing scam is challenging because the scammer pretends to be someone legitimate.

You can protect yourself from these phishing activities through proactive measures and keeping an eye out for fraudulent messages.

1. Inspect the Links

When receiving a link from a trusted contact or organization, you must carefully inspect the link. If the link redirects you to a login page, hover over the link to see the URL.

If the link leads to a suspicious site, do not continue. Legitimate sites such as Google Drawings do not ask for personal information.
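The link inspection described in this tip can also be automated. The sketch below is an added example, not code from the article or from any vendor: it lists reasons to distrust a link before entering credentials, including the case this scam relies on, where the host is trusted but the content is user-created. The shortener list, the brand-to-domain map and all sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumed, illustrative lists (not from the article); extend for your environment.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
# Trusted hosts whose listed paths serve content that any account holder can create.
USER_CONTENT = {"docs.google.com": ("/drawings/",)}
BRAND_DOMAINS = {"amazon": {"amazon.com"}, "google": {"google.com"}}


def _on_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)


def triage_link(url, claimed_brand=None):
    """Return a sorted list of reasons to distrust `url` before typing credentials."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    reasons = set()
    if parts.scheme != "https":
        reasons.add("not-https")
    if "@" in parts.netloc:
        # Everything before '@' is userinfo, not the host the browser contacts.
        reasons.add("userinfo-in-url")
    if any(_on_domain(host, s) for s in SHORTENERS):
        reasons.add("shortener-hides-destination")
    for trusted, prefixes in USER_CONTENT.items():
        if host == trusted and parts.path.startswith(prefixes):
            reasons.add("user-content-on-trusted-host")
    if claimed_brand:
        owned = BRAND_DOMAINS.get(claimed_brand.lower(), set())
        if not any(_on_domain(host, d) for d in owned):
            reasons.add("brand-host-mismatch")
    return sorted(reasons)


if __name__ == "__main__":
    # Constructed sample links; none of them is taken from the real campaign.
    samples = [
        ("https://docs.google.com/drawings/d/EXAMPLE_ID/preview", "amazon"),
        ("https://bit.ly/EXAMPLE", None),
        ("https://amazon.com.login.example/signin", "amazon"),
        ("https://www.amazon.com/ap/signin", "amazon"),
    ]
    for link, brand in samples:
        print(link, "->", triage_link(link, brand) or "no findings")
```

An empty result only means none of these checks fired; it does not prove the page is genuine.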

2. Cross-Check Information With the Sender

Be wary if a known contact sends you a message containing a link. Before you text them back, you can make a quick call to inquire about the link. If something feels unusual, verify the information and collect details. 

3. Do Not Reply to Unexpected Messages

Messages from unknown numbers are a red flag. If you receive a link or suspicious attachment in a message, avoid interacting with the content.

Pause and think! Is the message asking you to rush or threatening you? Does the link ask you to share a password, name, login, or other personal information?

If the message ticks the box for any of these questions, immediately stop the conversation. Verify the contact’s identity. If you cannot do so, do not provide your personal information or credentials to your accounts.  

4. Enable Multi-Factor Authentication (MFA)

Check whether the websites and applications you use offer Multi-Factor Authentication (MFA), and always enable it. Multi-factor authentication adds an extra security check and prevents unauthorized access to your accounts.

5. Update Your Privacy and Security Settings

Open WhatsApp and adjust your privacy settings. Go to privacy settings and control who can see your personal information. Also, look for ‘who can contact you’ on WhatsApp. 

6. Update Your Software

Like many users, you may also ignore the simple update containing “bug fixes and security patches.” These new software or system updates contain patches that can close exploits and fix security bugs.

You must install them promptly to prevent cybercriminals from finding a security loophole on your devices. To avoid this newfound phishing scam, make sure your WhatsApp is updated for security fixes.

Wrap Up 

Popular messaging platforms like WhatsApp have become a target of fraudsters. In fact, a whopping 90% of phishing attacks through text messaging apps are sent via WhatsApp.

The misuse of reputable sites like Google Drawings and WhatsApp is especially concerning, as even the most vigilant users can fall victim to these sophisticated scams.

To prevent cybercriminals from reaching you, you must take proactive measures such as updating your privacy settings, inspecting links, and enabling MFA.

Stay alert and report any suspicious message to prevent cybercriminals from getting the upper hand!