How this job offer WhatsApp message allowed spying thousands of user accounts easily

Since its mass adoption as an instant messaging platform, WhatsApp has been a tool widely used by cybercriminal groups to deploy some scam variants. One of the most recent fraudulent operations on this platform was detected in Mexico, with dozens of users receiving an alleged job offer from the fake company Victoria Marketing Alliance.

Although it is unknown exactly who may be behind the message and their intentions, cybersecurity specialists warn that the message puts both the user’s information at risk and opens the possibility of being severely scammed.

The sender of the message claims to be in a recruitment campaign, offering supposed vacancies to work in exchange for 1,000 Mexican pesos (about $50 USD). The message includes a link that allegedly opens an additional WhatsApp chat where the target user will be scammed.

It is still unknown who operates this campaign and for what purposes, although cybersecurity experts foresee that hackers will try to gain access to personal information and banking data of affected users.

Cybersecurity specialists say that these frauds are becoming increasingly elaborate, employing effective tactics to attract the attention of affected users, in addition to hackers knowing exactly how much information to deliver to victims before letting their true intentions are seen.

On the other hand, experts point out that there are multiple methods to obtain phone numbers of potential victims, including the purchase of databases or the use of online data collection tools. Other hacking groups act even more rudimentarily and simply use random phone numbers.

For security, users are advised to ignore these types of messages, especially if they are unsolicited job offers, if they include links or files to download or if they come from an unidentified user.  If when using WhatsApp or any other messaging platform you receive a message with any of these characteristics, rest assured that it is an attempted scam.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.