Skip to Content
Don't fall for this WhatsApp voicemail phishing scam
© Rafael Henrique |
Security & privacy

Scam alert: Don’t click on these voicemail links in your email inbox

Scammers are continually evolving their tricks to trap as many people as possible. Whether it’s impersonating government agencies or faking a call from the bank, unfortunately, many people will fall victim.

With so many new scams and methods, it can be challenging to keep track of them. Often, criminals will use tactics that don’t seem like a scam. For example, a new method of attack attempts to get you to install software to listen to a WhatsApp message.

Read on to see how this scam works and what you should look for.

Here’s the backstory

Most communication platforms can integrate with others. For example, you can easily share a photo from Instagram to Facebook or post an image from WhatsApp to Twitter. Even if you are versed in how WhatsApp works, you might not know you can forward messages, photos or voice notes to an email address.

It is this functionality that scammers are exploiting, but it comes with a twist.

According to a report from security company Armorblox, cybercriminals recently sent malicious emails to 30,000 accounts. Here’s how the scheme works: The email claims that you’ve received a voice message from WhatsApp. To listen to it, you must press the play button that’s included in the email.

To no surprise, the button doesn’t activate the voice message. Instead, it redirects you to a malicious website that attempts to install malware onto your device. Once you pass the required “not a robot” test and agree to the pop-up, the Kryptik Trojan gets installed.

According to Armorblox, the malware can steal sensitive information from your device, retrieve data from your internet browser, and skim user names and passwords.

What you can do about it

The fraudulent emails have primarily targeted healthcare, education and retail companies across the U.S. However, the thieves behind the attack could start randomly sending malicious emails to anyone at any time.

Another frightening aspect is that the malicious emails bypass Microsoft and Google email security filters. That’s because the email itself doesn’t contain malware but redirects traffic to a fake website that does.

It is unclear if the attacks are related to Russia’s invasion of Ukraine. Still, Armorblox pinpoints the origin as a Russian domain associated with a government institution in the Moscow region.

Here are some tips to stay safe online:

  • Don’t click on links or download attachments that you receive in unsolicited emails.
  • If you receive an email that claims to have a voice message attached, check with the sender to verify they mailed it to you. If you don’t know the sender personally, delete the email and add the email address to your blocked list.
  • If a message gives you a sense of urgency, delete it.
  • Spelling and grammar errors are big red flags.
  • Use two-factor authentication and password managers for better security.
  • Keep your operating systems, apps and devices updated with the latest official software and patches.
  • Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for only $19 at That’s over 85% off the regular price!

Keep reading

If you use these older phones, you’ll lose access to WhatsApp in two days

Before you log in to Facebook or WhatsApp again, read this warning

Komando Community background

Join the Komando Community

Get even more know-how in the Komando Community! Here, you can enjoy The Kim Komando Show on your schedule, read Kim's eBooks for free, ask your tech questions in the Forum — and so much more.

Try it for 30 days