informa
2 min read
Quick Hits

Phishers Having a Field Day on WhatsApp, Telegraph

A pair of phishing campaigns against users of WhatsApp and Telegram's Telegraph expose them to extortion, credential harvesting, and even account takeover.

Within just a few days of each other, researchers sounded the alarm about phishing campaigns against two popular, global messaging platforms, Telegraph and WhatsApp.

Lat week, Rahul Sasi, founder and CEO of CloudSEK, posted a warning on LinkedIn that WhatsApp accounts were being targeted by phishing attacks trying to trick users into placing a call to the number "**67*< 10 digit number > or *405* <10 digit number >". Just a few minutes later, the device would log out of WhatsApp and the attacker would have full control of the account, Sasi added.

Turns out, dialing those digits forwards a victim's calls to a number controlled by the threat actors.

"Now in the backend, the attacker triggers the WhatsApp registration process for your number and chooses the option to send OTP via phone call," Sasi wrote. "Since your phone is engaged — the OTP will go to the attacker's phone, and it's game over for you."

Telegraph Phishing Attacks

Likewise, recent phishing attacks on users of Telegram's privacy-focused blogging platform, Telegraph, have spiked recently. Cyberattackers are looking to harvest Microsoft 365 credentials and run cryptocurrency scams, according to analysis from Inky.

Telegraph allows users to set up webpages without registration, and Telegram deletes sent messages after they are read, helping attackers to carry out their scams anonymously. As such, the researchers said Telegram is quickly replacing the underground web as the platform of choice for cybercriminals.

"Although many such sites are available, Telegraph is more attractive than most because of its unusually libertarian heritage; its founders openly propound a 'live and let die' philosophy, catnip to phishers," Inky researcher Roger Kay wrote about the Telegraph phishing scam findings.