Messaging Apps Social MediaCybersecurity

Scammers use messaging apps in phishing attacks — Kaspersky

While it is no longer news that scammers use messaging apps to advance phishing attacks, cybersecurity solutions firm Kaspersky breaks down the most popular among phishing scammers. The anonymized data were voluntarily provided by Kaspersky Internet Security for Android users.

The biggest share of detected malicious links between December 2020 and May 2021 was sent via WhatsApp (89.6%), followed by Telegram (5.6%). Viber is in third place with a share of 4.7% and Hangouts has less than 1%. Countries experiencing the highest number of phishing attacks were Russia (46%), Brazil (15%) and India (7%). Globally, 480 detections were recorded per day.

According to research, messenger apps outstripped social networks by 20% in 2020, in terms of popularity among users, and became the most popular tool for communication. Survey results also show that in 2020, the global audience for messengers amounted to 2.7 billion people, and by 2023 it is expected to grow to 3.1 billion. That is almost 40% of the world’s population.

Kaspersky uncovers rare advanced threat campaign vs gov’t entities in Southeast Asia

Filling the gaps: The story of APAC’s cyber capacity building

“Statistics show that phishing in instant messenger apps is still one of the most popular tools among scammers,” said Tatyana Shcherbakova, senior web content analyst at Kaspersky. “This is partly due to the wide popularity of these apps among the audience, as well as the ability to use the built-in functionality of applications to carry out attacks. Sometimes it can be difficult to determine whether an attack is phishing, as the difference can be just one character or a minor mistake.”

Most popular messaging app globally

Kaspersky Internet Security for Android has added a new feature, Safe Messaging, which prevents users from opening malicious links that they receive in messenger apps (WhatsApp, Viber, Telegram, Hangouts) and through SMS. As a result, Kaspersky analyzed anonymized clicks on phishing links across messenger apps and found that between December 2020 and May 2021, 91,242 detections were recorded globally.

According to the statistics, Kaspersky Internet Security for Android detected the biggest number of malicious links in WhatsApp, partly due to the fact that it is the most popular messenger globally. The biggest share of such messages was detected in Russia (42%), Brazil (17%), and India (7%).

Among Kaspersky Internet Security for Android users, Telegram had the least amount of detections but was similar in geography to WhatsApp. The biggest number of malicious links were detected in Russia (56%), India (6%), and Turkey (4%). High figures in Russia are probably due to the increased level of popularity of this messenger in the country.

Based on statistics, Viber and Hangouts received a smaller number of recorded detections. The key difference between them is regional representation. The biggest number of detects in Viber was identified mostly in Russia with 89%, and the CIS countries: Ukraine 5% and Belarus 2%, and the majority of Hangouts’ detections were from the USA (39%) and France (39%).

In terms of the number of phishing attacks recorded per user on WhatsApp, Brazil (177) and India (158) led the way. At the same time, Russian users have become leaders in the number of detections on Viber (305) and Telegram (79) compared to other countries.

“Vigilance combined with anti-phishing technologies is a reliable tool in the fight against phishing in messenger apps,” said Shcherbakova.

To reduce the risk of falling foul of scams and receiving malicious links across messenger, follow these simple tips:

  • Be vigilant and look for misspellings or other irregularities in links
  • A “chain scheme” is common practice, where a scammer asks a user to share the malicious link with his contacts which then looks legitimate to other users, as it is from a person they know. Be aware and don’t share any suspicious links with your contacts
  • Scammers often use WhatsApp and other messengers to communicate with users who were found on a legitimate resource (for example, various marketplaces and accommodation booking services) and also use them as a method of communication in malicious messages. Even if messages and websites look real, the hyperlinks, most likely, will have incorrect spelling, or they can redirect you to a different place
  • Even if a message or letter came from one of your best friends, remember that their accounts could also have been hacked. Remain cautious in any situation. Even if a message seems friendly, be wary of links and attachments-
  • Install a trusted security solution and follow its recommendations. Security solutions will solve the majority of problems automatically and alert you if necessary.

Kaspersky customers in the Philippines can enjoy up to 50% discounts on selected Kaspersky products plus free e-gift vouchers worth up to 300 pesos (choice of Grab, GCash, or PayMaya).

Participating Kaspersky products are available from official partner stores in Metro Manila, official partner e-stores, and via Shopee and Lazada.