The pitfalls of the most beloved App leverage the human factor…
WhatsApp is increasingly turning into the new gateway for cybercriminals.
After all, we are talking about an App that has become indispensable not only for personal use, exchange of photos, videos, voice, documents but also for professional communications and exchanges.
Suffice it to say that it is the most widely used in the world, counting about 2 billion users. In July 2024 in Italy it was used by 35.7 million people or83.8 percent of adults aged 18 to 74.
That is why, although it has long been much “touted” by cyber criminals, it has recently returned to the headlines for two scams that are already reaping their first victims.
The first is related to the search for a job and the second is related to a “good deed” from which it can be difficult to escape. Both leverage the very “human” emotional element that, leaving aside the slower and more reflective rational analysis, aims to trigger a “hot”, instinctive and quick reaction from which it is then difficult to turn back. A classic ploy by criminals to steal sensitive data and money.
The Curriculum Scam
It is estimated that every day, between 3 and 4 million Italians are engaged either in seeking employment or in a different job than they currently already do.
Thus, an important pool of people who devote part of their day to reading ads, sending resumes, following social trends. People who are very focused on goal that can become for some even an obsession and, as such, involves first and foremost the emotional sphere.
“We received your resume, add us on WhatsApp to talk about jobs.”
This is the phrase that is reaching private cell phones. Scammers, pretending to be representatives of companies, propose an attractive and easy job offer. A bait to attract attention and prompt the victim to add the number on WhatsApp.
Once the prey has fallen into the trap, truly thinking that their resume has been favorably evaluated, they will contact the number dictated by the voice recorded on WhatsApp. Here, another voice posing as an employee of the company’s “human resources” department (they often exploit the name of famous brands) will ask the victim to contact someone on Telegram who will follow up with her on the placement.
Thus begins the new work adventure. Typically, the tasks required involve simple jobs at first, such as putting likes on famous social network posts to videos of influencers or advertisers. Then they move on to more special requests such as a purchase with reimbursement and earnings to end with investing money on unknown exchange platforms made specifically with the goal of stealing money from the victim.
The next suggestion is to invest money in an online trading platform that would give access to quick and easy gains. Of course, the moment this happens, the scammers disappear into thin air, taking with them the money and personal data they have collected.
At that point the victim will probably realize that she has been scammed. But by then it will be too late, the damage has been done, and in addition to not having found a job she will also have suffered a major theft.
The good deed scam
But, as we said, there is another scam running through the well-known messaging app.
It works like this: the user receives a message saying “Hello! Please vote-it’s my friend’s daughter, the main prize is a scholarship.”
In this case, the message contains a link to click to enter the contest. What is very misleading is that the link was sent from a contact in the address book. As the Postal Police explains. “The proposal may seem inviting and the message from our friend harmless. On the contrary, by clicking on fraudulent links and communicating our personal data, unscrupulous cyber criminals can access the contacts in the address book, seize our accounts, and steal our identity to commit other scams.”
“The strategies used to make the new phone scams credible,” the Postal Police further explains, “aim to overcome users’ natural distrust of international numbers and unknown contacts by using names in the address book and users with +39 prefixes.
The concept is always the same: criminals take advantage of our distraction, haste, emotionality and vulnerability. So of our “human factor.”
The advice is to always be wary, unless we are more than certain of the source, of anything that comes to us via email, phone, text message or other WhatsApp-like applications, especially if the message or phone call asks us to click on unknown links or hand over our personal information. Never send money to online investment platforms without first doing thorough research.
Of course, the number from which the contact request comes must be blocked and, if necessary, reported to the Postal Police.
Above all, however, it is important never to be found unprepared.
As with all cyber scams, what is targeted is human behavior, because it is always the weakest link, the crack through which the crime slips. It is therefore on that that defenses must be strengthened. To build, in short, an immune system that guards in the round against the many pitfalls of technology. Especially when we are dealing with sensitive data and corporate information.
A goal that can only be achieved through quality continuing education courses that include hands-on exercises and simulations of everything that can happen when we are connected. That is, all the time.
