Researcher Graham Cluley is warning of bogus ‘WhatsApp subscription ending’ emails and texts.
Internet users are receiving an email pretending to be from WhatsApp and warning them of the ending for an alleged WhatsApp subscription.
Although the company stopped requesting any payment since January 2016, crooks are attempting to exploit the fact that in the past, WhatsApp used to ask users to pay a fee after they had been using the service for a year.
Using this social engineering attack, crooks aim to trick users into clicking links including in the messages that might result in they handing their payment information over to attackers.
“Have you received an email claiming to come from WhatsApp that warns that you have been using the service for more than one year and that it’s time to take out a subscription?”
“Beware! The emails are, of course, a scam designed to trick you into clicking links that might result in you handing your payment information over to fraudsters.” states the blog post published by Graham Cluley on the ESET blog.
Below a portion of the malicious email:
Your subscription is ending soon
Please update your payment information now
UPDATE YOUR PAYMENT INFORMATION
Our records indicate that your WhatsApp trial service is exceeding the one year period. At the completion of your trial period your WhatsApp will no longer be able to send or receive message. To continue using WhatsApp without interruption, we need you to subscribe for any of our subscription periods.
As usual, you should always be wary of unsolicited email messages and SMS text messages claiming to come from WhatsApp demanding payments or the verification of your account’s credentials.
“You ultimately decide what links you click on, and whether you hand over your passwords and payment card details. Always think twice, because the wrong decision could prove costly.” concluded Graham Cluley.
[adrotate banner=”9″]
(Security Affairs – WhatsApp scam, phishing)
[adrotate banner=”13″]
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer…
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
This website uses cookies.