Colombian hackers trick WhatsApp users to get massive bank transfers

Through its social networks, the Colombian banking institution BancoEstado issued a statement requesting its clients to keep abreast of a new form of fraud deployed through the instant messaging platform WhatsApp. In this fraudulent campaign, cybercriminals take control of some accounts in this service to write to the contacts of the affected user in order to request money due to a supposed emergency.

“Some people use WhatsApp contacts to carry out scams. If a family member or friend asks you for help through transfers, confirm it with that person directly”, recommends BancoEstado Twitter account.

On this scam, Colombian Cybersecurity Task Force Commissioner Julio Vargas mentioned: “This malicious campaign involves two crimes; in the first one, hackers hijack WhatsApp accounts and try to install them in other devices so users cannot detect fraudulent activity; further, they contact people in the victim’s phone list to trick them”.

The hijacking of the affected accounts is carried out with deception, assuring the victim that for security reasons an authentication code must be sent to a third party. Using this information, hackers are able to access the affected account on other devices with full control of the message history, contact list, and shared files.

Later, they begin to forge the second attack stage: “Victims receive messages from known people like their mother, brothers and sisters or even friends. Hackers ask for a money transfer arguing that the original victim needs it, so the affecter users are highly prone to be fooled”, added Vargas.

Victims later contact the original affected user just to find out that there was no emergency or money requesting, realizing that all was part of a digital scam. Vargas added that these attack variants are on the rise: “Hackers send massive messages related to alleged contests carried out by companies in which they award prizes for a particular marketing campaign. This attack variant allows hackers to collect victims’ sensitive information such as access credentials or web browsing history.”

“This information is used to commit other crimes, including unauthorized online purchases or creation of accounts on illegal platforms. These attacks are completed with relative ease, and the hackers have all the required information at reach.”

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.