You've just received a notice that you need to pay up for one of your favorite apps. It looks legitimate, but before you do anything, you must read this.
What's hiding behind that seemingly-innocent prompt are scammers that want to steal your cash. Don't fall for it! There are messages like this going around, targeting users of a popular messaging app.
How scammers are targeting WhatsApp users
WhatsApp is one of the most popular messaging services in the world. It has nearly 1 billion users worldwide.
If you are a longtime WhatsApp user, you probably remember that it used to be a subscription based service. Users had to pay $.99 per year to use it. However, it stopped charging those fees in 2016.
Now, cybercriminals are trying to trick people into believing they need to start paying the fee again. They are sending phishing emails and texts telling users that their subscription is ending soon. To continue using WhatsApp, the user needs to click on a link provided in the message and update their payment information.
Warning! Do NOT click the provided link, it's a scam.
Image: Example of WhatsApp phishing email scam. (Source: Action Fraud)
If you click on the link within the message, you'll be taken to a spoofed site and asked to enter your banking information. Victims who do this are just handing over their critical data to scammers.
One dead give away that this is a scam is the fact there are spelling and grammar errors. That's typical of phishing scams.
This type of hoax seems to pop up on messaging sites frequently. So much so that WhatsApp has instructions on how to handle them on its site.
Here is what you should do if you receive one of these messages:
- Block the sender of the message
- Disregard the message
- Delete the message
- Never forward these messages - this will prevent exposing your contacts to potential harm
Keep reading to find out how to avoid falling for a phishing attack. If you think you've already fallen for this scam, run antivirus software on your gadget to see if it has been infected with malware.
How to defend against phishing attacks:
- Be cautious with links - If you get a text or email that you find suspicious, don't click on its links. It could be a phishing attack. It's always better to type a website's address directly into a browser than clicking on a link. Before you ever click on a link, hover over it with your mouse to see where it is going to take you. If the destination isn't what the message claims, do not click on it.
- Watch for typos - Phishing scams are infamous for having typos. If you receive an email or notification from a reputable company, it should not contain typos. Take our phishing IQ test to see if you can spot a fake email.
- Have strong security software - Having strong protection on your family's gadgets is very important. The best defense against digital threats is strong security software.
- Use unique passwords - Many people use the same password for multiple websites. This is a terrible mistake. If your credentials are stolen on one site and you use the same username and/or password on others, it's simple for the cybercriminal to get into each account. Click here to find out how to create hack-proof passwords.
- Set up two-factor authentication - Two-factor authentication, also known as two-step verification, means that to log in to your account, you need two ways to prove you are who you say you are. It's like the DMV or bank asking for two forms of ID. Click here to learn how to set up two-factor authentication.
- Check your online accounts - The site Have I Been Pwned allows you to check if your email address has been compromised in a data breach.
Always stay vigilant when it comes to messages from someone that you don't know. And be on the lookout for errors in messages that are supposedly from the company itself.