Military experts said recent computer-security incidents point to “high risk” from phishing against WhatsApp users and urged “particular caution,” according to a post on X.
Attackers seize a user’s account and impersonate its owner, sending crafted phishing messages to the victim’s contacts, WOC said.
The aim is to obtain login data and gain unauthorized access to additional accounts, which are then used to solicit money from the victim’s network.
WOC described a common takeover method that begins with a bogus voting request. A message—often appearing to come from a friend or family member whose account was already compromised—asks the recipient to “vote in a contest” and includes a malicious link.
The link leads to a fake site that prompts the user to enter a phone number and an eight-character verification code to “confirm the vote.”
Entering the code allows the attacker to take control of the user’s WhatsApp account, WOC said.
Accounts captured in this way are used to spread further phishing messages and attempt fraud, the unit added.
WOC advised users not to interact with suspicious messages, not to click links, and never to enter authorization codes.
It recommended notifying the apparent owner—preferably by phone—that their account may be compromised, and reporting the incident to authorities or IT security teams.
Users should also review connected devices in WhatsApp by opening Settings and selecting “Linked devices,” ensuring only their own devices are listed, WOC said.
Similar phishing patterns may be used on other messengers such as Signal and Messenger, it added, urging vigilance toward unexpected, urgent requests for help, votes or verification.
(jh/gs)
Source: PAP