Since the arrival of the corona virus we have been flooded with fraud and cyber attacks targeting mobile devices. WhatsApp is a very popular platform for cyber criminals also to target businesses.
In WhatsApp fraud cyber criminals pretend to be an acquaintance via WhatsApp who asks to transfer money. In most cases it is a friend who supposedly has a new number. This person is in money problems and urgently needs money after which a request for payment follows. They get information from social media to imitate the language, see what the person has experienced in the past period and check who they are friends with.
Sometimes cyber criminals manage to hack a WhatsApp account so that the victim sees all the previous messages in a chat from a contact who is really known to the victim. To take over a WhatsApp account scammers must find out a verification code sent to you. This can be an SMS code or a voicemail. Cyber criminals often steal the SMS code by telling them that the code was accidentally sent to you. They can sometimes listen to a voicemail because voicemails are often poorly secured. It can also happen that they hijack the mobile number and pretend that you have a new phone with WhatsApp installed. To verify this WhatsApp sends a verification SMS. As a result the SMS does not go to you but to the cyber criminals.
To prevent WhatsApp related fraud and attacks it is important that users set up two-step verification. When a user logs into WhatsApp on a smartphone a second PIN code must be entered which is linked to an email address. Using this cyber criminals can’t get into the account and it is more difficult for cyber criminals to access WhatsApp. Also make sure to turn on the security notifications so that you get a notification if one of your contacts has a new phone. If you really want to make sure that you are not dealing with a cyber criminal you always need to call the person to check if it is them. As a rule never transfer money via a link in WhatsApp. Go to your bank website or app and use the account number that is known to you.
WhatsApp fraud also a risk for your business
As there is a very large increase in businesses using WhatsApp they they will also be more at risk of becoming a victim. The National Cyber Security Center (NCSC) recently issued a warning that CEO fraud is increasingly committed via WhatsApp. What is CEO fraud? Basically a cyber criminal poses as CEO or someone from management. Using this tactic employees receive a fake WhatsApp message from someone from management who then asks to transfer a large amount to a foreign account. Cyber criminals usually choose victims of the financial department who are not in daily contact with the management. They anticipate on the fact that the employee does not dare to check whether the request is correct. They often try to pressure the employee with a short deadline. To prevent this type of fraud it is wise to develop an approval process in which several managers are involved. This way money cannot simply be transferred to a foreign account.
WhatsApp is also known to be misused for phishing. Cyber criminals will pose as a well known software company via WhatsApp to find out passwords. The criminals then lure employees via a hyperlink to a fake website where the victim is asked to enter access codes. It is very important that businesses structurally train employees to prevent these sort of scams which are based on human error to make the scam work.
Article continues under image
Have an anti fraud strategy as a business
It is important for any business to pursue a collective security strategy. It is important to make an overview of the mobile devices that are present in your business. Once it is clear which devices are available within the organisation it is important to establish clear rules. Determine which apps are not allowed to download and determine when employees need to change their password and which websites they can’t visit.
A mobile device management platform (MDM) can help with this. Thanks to such a platform organisations can determine which apps users can and can’t install and see which available updates have been carried out. Most MDM tools also offer extensive reporting options without compromising employee privacy. Also various emergency measures can be taken in the event of theft or loss. It is possible to locate the device or to delete it remotely via location determination. Note that MDMs can cause internal discussions about privacy. It is therefore wise to be transparent about this as a company and to ask the employee for permission if it concerns a personal device.
Tech-Wales Cyber Security
If you have any worries regarding cyber security Tech-Wales can help you make your organisation secure. We have experienced and customer friendly experts who can make your computer network secure and prevent attacks from cyber criminals. It is very important to have a good cyber security for your organisation. We also offer excellent Business IT Support for your organisation. We offer various pay-as-you go and monthly business IT support packages. Do not leave your cyber security to chance and contact us today.