Fraudsters hijack WhatsApp accounts using fake petitions: how to protect data - State Service of Communications and Information Protection
Kyiv • UNN
Fraudsters hijack WhatsApp accounts by sending fake messages calling for votes to award the title of "Hero of Ukraine" to fallen defenders, which leads to a phishing site that steals access to the account.
Fraudsters are hijacking WhatsApp accounts using fake petitions to award "Hero of Ukraine" to fallen defenders. The State Special Communications Service warned about the new fraudulent scheme and gave recommendations on how to recognize fakes and avoid becoming a victim of fraud, UNN reports.
The government's computer emergency response team CERT-UA, which operates under the State Special Communications Service, warns of a new fraudulent scheme aimed at stealing WhatsApp accounts from Ukrainians. Attackers send messages on WhatsApp calling for votes for an electronic petition to award the title of "Hero of Ukraine" posthumously to Ukrainian soldiers. The messages contain a link to a fake website that imitates the official website of the "Electronic Petitions".
Details
CERT-UA employees have been tracking the described activity since April 2024 under the identifier UAC-0195. As of 20.04.2024, they have identified 18 domain names and sent appropriate requests to block them.
How fraudsters work:
- The victim follows the link in the fake message.
- The fake website offers to enter a phone number and receive a code.
- The victim enters a code in WhatsApp to "add a trusted device.
- The attackers gain access to the victim's WhatsApp account.
How to protect yourself:
- Do not click on links in suspicious WhatsApp messages.
- Check the domain name of the website before entering any data. The official page of "Electronic Petitions" is located at: https://petition.president.gov.ua/
- Never enter a code received via SMS on third-party websites.
- Be critical of any calls to follow a link or scan a QR code.
- Configure two-factor authentication (https://cert.gov.ua/article/6278274).
- Contact CERT-UA in case of suspicious activity: [email protected], mob.+38 (044) 281-88-25.