About 39,000 websites are used to steal secret user data through fake login pages of WhatsApp, Facebook, Instagram.
Cyber hackers are back with their new tactics to steal user information during phishing attacks and this time they are targeting the widely used instant messaging app WhatsApp and others. The Meta-owned company has informed that more than 39,000 websites designed to steal user data using bogus login pages have been found. They are all wrong! The login pages of these bogus websites are meant to convince a victim to submit sensitive information like password and email address which cyber criminals will later use to steal data etc. It’s not just fake WhatsApp websites, there are others on Facebook, Instagram, and Facebook Messenger. All it takes for a user to get ripped off is to log into WhatsApp on a fake website. It’s easy to go wrong because these fake WhatsApp, Facebook, Instagram sites almost look like the real ones!
Facebook confirmed in a blog post that not only WhatsApp, but other widely used social media networks – Instagram, Facebook and Messenger are used to launch phishing attacks in order to trick users into disclosing their login details on bogus login pages. In light of the incident, social media giant Facebook filed a federal lawsuit in a California court to uncover the identity of the cyber hackers behind the phishing attack.
How it’s made
Cybercriminals usually send links to your real WhatsApp, Facebook, Instagram, and other social networks, as well as emails with links. By clicking on these links the user will be taken to a fake website that looks exactly like WhatsApp, Facebook or Instagram. However, this is wrong and if the users do not recognize it, they end up trying to login and thus inadvertently reveal their usernames and passwords to cyber criminals.
Cyber thieves have used a strategy that allows them to redirect Internet traffic to phishing websites in such a way as to hide their attack infrastructure from the attacks. This allowed them to hide the real location of the phishing websites, as well as the identities of their online hosting providers and defendants. Facebook mentioned that the social media company worked with the relay service to suspend thousands of URLs to phishing websites starting in March 2021, when the volume of such attacks increased.
Your role in the fight against phishing attacks
While the social media giants are working effectively to catch the people behind these phishing attacks, you can also stop them with some simple tricks while being mindful. If you receive any suspicious emails, messages or texts on WhatsApp, Instagram, Facebook or Messenger, which may ask you to log in with your Facebook username and password, ignore them, do not click on them or provide any of your personal data. You need to be 100% sure of any website before you do anything on it.
Even if you receive an email claiming to be from social networks owned by WhatsApp or Facebook with links or attachments, do not click on it either.
What to do if you clicked on these fake links and tried to sign in to WhatsApp
However, if you think you’ve accidentally provided any of your personal information or your account is in danger, follow these tips.
- Above all, immediately change your WhatsApp connection password. If you can still access your account, protect it by changing your password and signing out of any devices you don’t have.
- Know how to recover your account if you can’t access it and your username or password isn’t working.
- Try to assess recent activity and check recent Facebook emails to see if anything unusual has happened with your account.