Don't Fall for the WhatsApp Gold Scam

Infosecurity Magazine | January 07, 2019

Don't Fall for the WhatsApp Gold Scam
A WhatsApp hoax message has reportedly resurfaced, raising concern among users who have received what appear to be different versions of fake chain messages that have been actually circulating for a few years. Scammers are leveraging the current state of cybersecurity – in which end users are constantly reminded to keep their software updated – with the return of a hoax message promoting a premier WhatsApp service. The message tells users to download a fake update called WhatsApp Gold, according to the Evening Standard. However, WhatsApp Plus and WhatsApp Gold are not applications developed by WhatsApp. Chain messages related to both of these fraudulent apps as well as the Martinelli virus scam have reportedly been around since 2016 and were deemed hoaxes in 2017. Threats of the malware’s return have resurfaced since the ringing in of 2019. A fraudulent message, the hoax promises users access to enhanced features in WhatsApp if they download the latest "secret" update. However, when users click on the link, they are potentially downloading a malicious software nicknamed WhatsApp Gold, according to Snopes.

Spotlight

QUICK & SECURE LOGIN. Deploy modern authentication options to support an optimal user login experience. PROVIDE A FRICTIONLESS EXPERIENCE. Provide the most frictionless user experience for your customers without compromising security. PROTECT MOBILE BANKING APPS. Attacks on mobile banking apps are increasing both in number and sophistication. Banks need to implement application shielding to detect and mitigate threats.

Related News

Cybrary Announces 7 Free Courses to Encourage Cybersecurity and IT Training Amidst the COVID-19 Pandemic

Cybrary | July 13, 2020

Cybrary, the world's largest online cybersecurity career development platform, today announced it is offering seven free courses for the month of July on topics ranging from threat intelligence and network security to Kali Linux and cloud. This new offering follows in the spirit of their Scholars Program announcement which was developed to support professionals impacted by COVID-19."The long-lasting effects of COVID-19 have been felt across industries and our dedication to supporting professionals impacted during this unprecedented crisis remains unwavering," said Ryan Corey, CEO and co-founder of Cybrary. "Through this free offering, we hope to give back and encourage ongoing cybersecurity and IT training to support people re-entering the workforce, and to help build a more secure digital world by providing learning opportunities available to everyone."These courses are available free for a limited time only, from now until August 1, 2020. To enroll in any or all of these free courses, please visit www.cybrary.it to sign up today.

Read More

Redscan Warns of an Influx of Cyberattacks When Businesses Return to the Office

Redscan | May 27, 2020

Cyber-criminals could be poised to trigger a wave of attacks on businesses when workers return to offices and reconnect to corporate networks. Redscan provided other recommendations to companies to tackle this type of threat, including updating anti-virus signatures, connecting all devices. The cybersecurity firm said organizations need to take action to defend themselves against potential hackers lying dormant on employee devices. Cyber-criminals could be poised to trigger a wave of attacks on businesses when workers return to offices and reconnect to corporate networks, Redscan has warned. As many countries such as the UK prepare to ease COVID-19 lockdown restrictions and allow more people to return to physical workplaces, the cybersecurity firm said organizations need to take action to defend themselves against potential hackers lying dormant on employee devices. There has been a substantial rise in threat activity over recent months, with cyber-criminals looking to exploit the sudden rise in remote working during the pandemic and the resultant lack of protection. In this period, Redscan has observed a surge in activity such as malspam, external scanning attempts to identify weaknesses in the use of remote access tools and account login attempts from unknown locations. It therefore believes there could be an influx of attacks when staff reconnect to company networks after returning to their workplaces, with attackers ready to launch attacks including ransomware across a company network. In order to prevent this situation occurring, Redscan said firms should sanitize all endpoints on the return to the office as well as closely monitor networks for evidence of compromises. Redscan provided other recommendations to companies to tackle this type of threat, including updating anti-virus signatures, connecting all devices to remote networks and educating staff about the latest risks. Learn more: LEVERAGING GREATER SOCIAL ENGAGEMENT FOR IMPROVED CYBER HYGIENE . “During the COVID-19 pandemic there has been a steady stream of organizations reporting cyber-attacks. However, this is only likely to be the tip of the iceberg. Many more organizations are certain to have been targeted without their knowledge.” ~ George Glass, head of threat intelligence Redscan Cybercriminals are taking advantage of the difficult situation at hand. There’s been roughly 6,000 coronavirus or COVID-19 themed domains registered over the past few weeks. These domains are 50% MORE likely to be malicious than other domains. Essentially, cybercriminals register these domains and trick unsuspecting victims into visiting them to download malicious software. People are afraid and uncertain now more than ever, which means they’re easier to trick into downloading information, updates or relief packages. “As employees return to work post-lockdown and connect directly to corporate networks, organizations need to be alert to the possibility that criminals could be lying dormant on employee devices. ” Here are some of the most common ways cybercriminals are leveraging the COVID-19 pandemic to wreak havoc and drain bank accounts: Phishing attacks containing alerts about the virus, information about cases in your area, or details to sign up for local financial benefits – often claiming to be from the CDC, WHO, or other governmental agencies. Phony domains set up to appear as video conferencing software websites, governmental agency websites, and other news and/or information websites offering downloads that contain malware. Alerts via email or text claiming to be purchase orders for masks, sanitizer, and other safety materials and products that have been ordered by the organization the victim works for – requesting a wire transfer for payment. People are working from home with minimal time to prepare in terms of cybersecurity measures to stay safe. People are adopting remote access and cloud-based technologies at an incredible rate around the world. There is currently a whole business around RDP on the underground market and the current situation has amplified this behavior. To stay protected, it is essential to follow best security practices, starting with the basics, such as using strong passwords and patching vulnerabilities. RDP ports are a vital means for many businesses to enable their employees to work from home, as they allow communication with a remote system. RDP ports are often exposed to the internet, which provides opportunities for attackers. With the sudden requirement to have large proportions of their staff working from home, McAfee believes it is likely that many organizations brought these systems online quickly with minimal security checks in place. This led to a growth in attacks against RDP ports as well as an increase in the volume of RDP credentials sold on underground markets. Learn more: NEW CYBER THREAT INDEX SHOWS INDUSTRIES ARE UNDER ATTACK IN UNCERTAIN TIMES .

Read More

SAM Seamless Network Joins the Telecom Infra Project and Demonstrates Network Security Leadership in Wi-Fi Project Group

SAM Seamless Network | June 22, 2020

SAM Seamless Network, a pioneer in home and SMB network security, has joined the Telecom Infra Project (TIP) Wi-Fi Project Group in order to collaborate with industry peers to transform the managed Wi-Fi sector, and provide intelligent and intuitive security services.The goal of TIP's Wi-Fi Project Group is to increase the pace of innovation in the Wi-Fi ecosystem, developing disaggregated end-to-end Wi-Fi solutions which will lower the total cost of ownership and offer more diverse choice of cloud driven connectivity solutions for to service providers and IT personnel who deploy Wi-Fi networks for SMB Enterprises, Campuses, Homes, Public Wi-Fi, among others. TIP is growing rapidly and includes industry leaders like Vodafone, Telefonica, Deutsche Telekom, British Telecom, Facebook and Intel and many others.Developing a new software platform using secure software development life cycle tools and deep cybersecurity expertise is critical for market adoption and assurance in the project's security posture. SAM intends to play a substantive role in TIP's Wi-Fi Project Group and plan to lead the open software AP security effort relying on SAM's extensive embedded security expertise and field experience.

Read More

Spotlight

QUICK & SECURE LOGIN. Deploy modern authentication options to support an optimal user login experience. PROVIDE A FRICTIONLESS EXPERIENCE. Provide the most frictionless user experience for your customers without compromising security. PROTECT MOBILE BANKING APPS. Attacks on mobile banking apps are increasing both in number and sophistication. Banks need to implement application shielding to detect and mitigate threats.