WhatsApp, the popular messaging app owned by the Meta Group, is the target of a new phishing campaign targeting its users using a fraudulent voting system. Kaspersky revealed the details this Thursday, September 18.

Every month, 2 billion active users exchange messages on WhatsApp, making the app a prime target for cybercriminals. Cybersecurity firm Kaspersky unveiled a new scam this Thursday aimed at hacking user accounts.

The method used by cybercriminals involves luring users by redirecting them via a link to a web page that simulates a voting competition dedicated to, among other things, young athletes. The interface encourages potential victims to participate in the voting by displaying the total number of votes and the number of users in real time. It also promises a competition where the winner will receive prizes from sponsors.

The scam begins when users click the "authorize" or "vote" buttons. They are then redirected to a fraudulent webpage that encourages them to authenticate via WhatsApp.

A scam that allows control over victims to be taken

This is where the chain of events begins: once their phone number is entered, the fraudsters log into their account via the messaging service's web interface thanks to a vulnerability in the WhatsApp application. The web session, once activated by the victim without realizing it, allows the hacker to take control of their account remotely. They can then write messages or spy on their victim.

To protect against this type of phishing attempt, Kaspersky urges users of the messaging service to always verify the authenticity of unknown websites, never share verification codes sent by WhatsApp, and enable two-factor authentication on WhatsApp to increase the application's security level.