A new WhatsApp message is reportedly being circulated globally, claiming that a statutory message, which otherwise appears to be a harmless SMS urging you to pay your phone bill, is designed to instantly take over your phone and steal all the money from the netbanking app on your phone. However, an investigation by cyber security watchdog Sophos states that such forwarded WhatsApp messages are part of a hoax campaign. A note on the matter, written by Sophos' principal cyber security research scientist Paul Ducklin, was shared with News18, giving us access to the message being circulated, and why you should not fall for it.
The WhatsApp message in question reads, "Straight from the City of London Police fraud team – Extremely sophisticated scam going about this morning. Definitely Danske bank customers but possibly all banks. You get a message saying a payment hasn’t been taken eg O2,Vodafone or EE [UK mobile providers] and to click here. As soon as you touch it the money is gone. They already have all your details and it’s the most advance scam the bank has ever seen. Pass this on to everyone. Please. This is from work this morning – they are being inundated with calls – thousands flying out of peoples accounts! Spread the word! (sic)"
However, the City of London police itself has since debunked the message's claim to authority, stating that such messages are baseless. While most users in India will likely not be alarmed, Ducklin's assessment of the situation suggests that this may be part of a new, more sophisticated cyber crime technique that attempts to rush users into taking action against their bank accounts. Since online and mobile banking are becoming mainstream in India too, it is very important for users to stay aware that such hoaxes which claim to warn them about a potential risk in their bank accounts.
What is curious in this case is that the message that is being forwarded on WhatsApp does not come with any clickable link attached to it. The coronavirus pandemic has sparked off an unprecedented spike in cyber criminal activities, with a sharp rise in phishing attacks being documented everywhere. In such times, the appearance of such obviously targeted hoax campaigns suggest that users should remain even more prudent about their online safety, including setting rigorous passwords, avoiding browser tracking, not clicking on any unknown links, and most importantly, not forwarding messages such as these without verifying their contents.