WhatsApp Phishing URLs Skyrocket With Over 13,000% Surge

February 20: The number of WhatsApp phishing URLs skyrocketed in Q4 2019, with email security company Vade Secure detecting a 13,467.6% quarter-over-quarter (QoQ) surge in unique phishing URLs targeting its users compared with Q3 2019.

Vade Secure’s Phishers’ Favorites report for Q4 2019 highlights the 25 most impersonated brands in phishing attacks; the list is compiled by examining phishing URLs detected by Vade Secure’s technology.

“Leveraging data from more than 600 million protected mailboxes worldwide, Vade’s machine learning algorithms identify the brands being impersonated as part of its real-time analysis of the URL and page content,” Vade Secure says.

WhatsApp’s 5,020 unique phishing URLs detected by Vade Secure, and its ascent to 5th most impersonated brand in phishing attacks (up 63 spots), were the driving force behind the increase in social media brands’ share of URLs used in phishing attacks, from 13.1% in Q3 to 24.1% in Q4 2019.

Vade Secure explains that “the staggering growth in phishing URLs stems primarily from a campaign inviting recipients to the so-called Berbagi WhatsApp group, which advertises pornographic content.

“Moreover, it appears web hosting provider 000webhost was hacked and used to host the phishing pages.”

Berbagi WhatsApp group invite (Vade Secure)

The other two social media brands among the top 25 brands used as bait in phishing attacks are Facebook, which took the second spot, and Instagram, which rose 16 spots to #13.

The former was used by phishers as a lure in 9,795 phishing URLs, while the latter made an appearance in 1,401, almost doubling its previous quarter’s numbers with 187.1% QoQ growth.

Even though Facebook saw an 18.7% decrease in the number of URLs observed in phishing attacks, it was actually up 358.8% on a year-over-year basis.

“Regarding Facebook, one plausible explanation for its consistent popularity could be the rise of social sign-on using Facebook Login,” Vade Secure senior director Ed Hadley explains.

“With a set of Facebook credentials, phishers can see what other apps the user has authorized via social sign-on—and then compromise those accounts.”

Top 10 most impersonated brands in phishing attacks (Vade Secure)

In related news, Facebook-owned WhatsApp announced a week ago that it now has over two billion users around the world.

“Today we remain as committed as when we started, to help connect the world privately and to protect the personal communication of two billion users all over the world,” the company said.

Earlier this month, Facebook patched a critical WhatsApp bug that could have allowed attackers to read files from users’ local file systems on the macOS and Windows platforms.

In December 2019, security researchers discovered another WhatsApp vulnerability that could be used to crash the app in a loop on the phones of all members of a group.

In late October 2018, Google Project Zero researcher Natalie Silvanovich also found a critical WhatsApp vulnerability that was triggered when an Android or iOS user answered a call and that could have led to a full compromise of the app.

Source: Bleeping Computer / Sergiu Gatlan
