Category: Whatsapp

MPs aren't just getting excited about an upcoming election, but also the fruity WhatsApp messages they're receiving, can we trust AI with our health, and who on earth is pretending to be a producer for the Drew Barrymore TV show? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by John Hawes.

Staying active on social media is a popular trend, and WhatsApp is one of the prominent platforms facilitating connections with both businesses and loved ones. However, security experts warn that, like any online service, this Facebook-owned subsidiary is susceptible to nefarious activities that can compromise users’ bank accounts and reputation. To safeguard WhatsApp users from scams and online fraud, here are eight tips to follow:

Prize Schemes: Avoid clicking on links promising prizes or lottery winnings, as these could be traps designed to extract sensitive information such as birthdates, online banking passwords, and email credentials.

Fake Job Offers: Be cautious about job offers that seem too good to be true. Scammers often exploit the allure of enticing job titles and salaries to target educated users. Stay vigilant and refrain from clicking on links that prompt the entry of critical details.

Unknown Calls with Suspicious Profile Pictures: Hackers frequently pose as attractive individuals to entice victims. They may initiate calls, request explicit content, and later use it for blackmail. Never engage in conversations or accept calls from unknown senders, regardless of their claimed identity or appearance.

Bank Alerts: Exercise caution with messages claiming to be bank alerts, urging users to complete KYC procedures to unlock their accounts. These links often lead to scams aimed at draining funds from unsuspecting users.

Holiday Purchase Scams: During holiday seasons, scammers exploit the festive atmosphere by sending messages prompting users to make payments for nonexistent purchases. Be wary of such messages, as they are designed to compromise your device’s security.

Netflix or Amazon Prime Subscription Messages: Companies like Amazon and Netflix do not send subscription messages via WhatsApp. If you encounter such messages, be skeptical, as they could be attempts to trick you into falling for an over-the-top subscription scam.

Parcel Delivery Issues: Messages about missed parcel deliveries or delivery problems might be deceptive. Before clicking on embedded links, verify the information with family or friends to avoid falling prey to malicious schemes.

Social Media Messages: Messages from social media platforms about their latest services and products usually come from registered senders. If a message lacks sender information, refrain from clicking on any links and instead inquire further to prevent potential regret.

By staying vigilant and following these tips, WhatsApp users can minimize the risk of falling victim to scams and protect themselves from online fraud.

The post Eight 8 WhatsApp message links that you should never click on appeared first on Cybersecurity Insiders.

Former Prime Minister Boris Johnson wants to hand over his WhatsApp messages - or does he? And a couple of fun-loving girls from Aberdeen have come up with a sinister twist on sextortion scams. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley (from a mystery location) and Carole Theriault.

Elon Musk issued a statement recently slamming WhatsApp for secretly recording activities while the user is sleeping. On Tuesday, the Tesla Chief raised concerns that “WhatsApp cannot be trusted” when it comes to keeping its user data private and secure from snooping eyes.

“If the company is itself indulging in malpractices, then how can an online service user gain trust in the application?” said Musk, by directly tagging the same to Facebook chief Mark Zuckerberg.

While the tweet buzzed for a while on the internet, it was taken down from the platform for reasons best known to the owner of the company that beams internet via dedicated satellites to the war-torn Ukraine region.

So, did Zuckerberg and his team make a note of the development that their app was secretly recording user activities via the microphone, even during their sleep time? Well, there’s no answer yet!

Coming to the second news that is buzzing across the internet, it is related to doctors who have raised concerns about the use of AI in the medical field.

According to British Medical Journal Global Health, medical experts are urging the government and the tech heads of companies that are developing AI products to halt their experiments until a route map is created to stop disinformation and surveillance spread from the chatbots.

A team of 5 doctors and an equal number of health experts from across 4 continents have disclosed their concerns on paper and submitted it to the medical committee of Britain. Their concern is regarding the development of AI robots to be used in the medical field and the use of AI-propelled Lethal Autonomous Weapon Systems (LAWS) that could indulge in mass murders of innocent populace.

Since both need the analysis of large datasets, the medical field is concerned about the way the experts are feeding these systems with supportive result-yielding data that can produce severe economic devastations and human misery and could steal livelihoods of millions.

Basically, they want to restrict the usage of robots in the medical field as machines cannot work with ethics like their human counterparts and can be tweaked to kill or, at the very least, influence patient minds.

However, experts from the US fraternity state that a slight relaxation in the R&D of AI can propel nations like Russia, China, and North Korea to surpass the country, unabated.

So, a tough call ahead!

NOTE : The concern is not with the invention of the Artificial Intelligence tech, but the use of it by our human minds. If it falls into the wrong hands, then it can lead to devastation of the world within no time.

The post News on WhatsApp listening to sleeping users and Doctors fraternity raising voice against AI threat to humanity appeared first on Cybersecurity Insiders.

In an open letter, seven secure messaging apps—including Signal and WhatsApp—point out that the UK’s Online Safety Bill could destroy end-to-end encryption:

As currently drafted, the Bill could break end-to-end encryption,opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves, which would fundamentally undermine everyone’s ability to communicate securely.

The Bill provides no explicit protection for encryption, and if implemented as written, could empower OFCOM to try to force the proactive scanning of private messages on end-to-end encrypted communication services—nullifying the purpose of end-to-end encryption as a result and compromising the privacy of all users.

In short, the Bill poses an unprecedented threat to the privacy, safety and security of every UK citizen and the people with whom they communicate around the world, while emboldening hostile governments who may seek to draft copy-cat laws.

Both Signal and WhatsApp have said that they will cease services in the UK rather than compromise the security of their users worldwide.

WhatsApp, owned by Facebook, has introduced three new account protection features to enhance the security and privacy of its users, in line with current expectations. These features, which will be rolled out in a month, will help prevent users from being targeted with malware and unauthorized access.

The “Account Protect” feature will add an extra layer of security to user accounts by requiring a PIN to enter the account. This is useful in events where authorized access to a user’s device accounts can be eradicated.

The next feature is the “Device Verification” feature, which will bar cyber criminals from hacking into an account to send unwanted messages or inject mobile device malware. This feature can help avoid the spread of malicious software, such as the Pegasus espionage software.

The third feature is named “Automatic Security Codes”, which helps in periodically refreshing the security code of a device during message encryption. This can cut down on interception of messages by hackers trying to decrypt the message thread-line.

All three features will be available to both Android and iOS operating system users, but will be unavailable by default, so users will need to enable the feature via app settings.

According to the statement issued by the messaging giant, these newly introduced security features will be part of the pre-announced “Stay Safe with WhatsApp” campaign aimed at winning the trust of users when it comes to their conversations’ security and privacy.

The post WhatsApp introduces new mobile security features appeared first on Cybersecurity Insiders.

The domain name registrar Freenom, whose free domain names have long been a draw for spammers and phishers, has stopped allowing new domain name registrations. The move comes just days after the Dutch registrar was sued by Meta, which alleges the company ignores abuse complaints about phishing websites while monetizing traffic to those abusive domains.

Freenom’s website features a message saying it is not currently allowing new registrations.

Freenom is the domain name registry service provider for five so-called “country code top level domains” (ccTLDs), including .cf for the Central African Republic; .ga for Gabon; .gq for Equatorial Guinea; .ml for Mali; and .tk for Tokelau.

Freenom has always waived the registration fees for domains in these country-code domains, presumably as a way to encourage users to pay for related services, such as registering a .com or .net domain, for which Freenom does charge a fee.

On March 3, 2023, social media giant Meta sued Freenom in a Northern California court, alleging cybersquatting violations and trademark infringement. The lawsuit also seeks information about the identities of 20 different “John Does” — Freenom customers that Meta says have been particularly active in phishing attacks against Facebook, Instagram, and WhatsApp users.

The lawsuit points to a 2021 study (PDF) on the abuse of domains conducted for the European Commission, which discovered that those ccTLDs operated by Freenom made up five of the Top Ten TLDs most abused by phishers.

“The five ccTLDs to which Freenom provides its services are the TLDs of choice for cybercriminals because Freenom provides free domain name registration services and shields its customers’ identity, even after being presented with evidence that the domain names are being used for illegal purposes,” the complaint charges. “Even after receiving notices of infringement or phishing by its customers, Freenom continues to license new infringing domain names to those same customers.”

Meta further alleges that “Freenom has repeatedly failed to take appropriate steps to investigate and respond appropriately to reports of abuse,” and that it monetizes the traffic from infringing domains by reselling them and by adding “parking pages” that redirect visitors to other commercial websites, websites with pornographic content, and websites used for malicious activity like phishing.

Freenom has not yet responded to requests for comment. But attempts to register a domain through the company’s website as of publication time generated an error message that reads:

“Because of technical issues the Freenom application for new registrations is temporarily out-of-order. Please accept our apologies for the inconvenience. We are working on a solution and hope to resume operations shortly. Thank you for your understanding.”

Image: Interisle Consulting Group, Phishing Landscape 2021, Sept. 2021.

Although Freenom is based in The Netherlands, some of its other sister companies named as defendants in the lawsuit names are incorporated in the United States.

Meta initially filed this lawsuit in December 2022, but it asked the court to seal the case, which would have restricted public access to court documents in the dispute. That request was denied, and Meta amended and re-filed the lawsuit last week.

According to Meta, this isn’t just a case of another domain name registrar ignoring abuse complaints because it’s bad for business. The lawsuit alleges that the owners of Freenom “are part of a web of companies created to facilitate cybersquatting, all for the benefit of Freenom.”

“On information and belief, one or more of the ccTLD Service Providers, ID Shield, Yoursafe, Freedom Registry, Fintag, Cervesia, VTL, Joost Zuurbier Management Services B.V., and Doe Defendants were created to hide assets, ensure unlawful activity including cybersquatting and phishing goes undetected, and to further the goals of Freenom,” Meta charged.

It remains unclear why Freenom has stopped allowing domain registration, but it could be that the company was recently the subject of some kind of disciplinary action by the Internet Corporation for Assigned Names and Numbers (ICANN), the nonprofit entity which oversees the domain registrars.

In June 2015, ICANN suspended Freenom’s ability to create new domain names or initiate inbound transfers of domain names for 90 days. According to Meta, the suspension was premised on ICANN’s determination that Freenom “has engaged in a pattern and practice of trafficking in or use of domain names identical or confusingly similar to a trademark or service mark of a third party in which the Registered Name Holder has no rights or legitimate interest.”

ICANN has not yet responded to requests for comment.

A copy of the amended complaint against Freenom, et. al, is available here (PDF).

WhatsApp, the messaging platform now owned by Facebook parent Meta, has made it official that its users will now-on be allowed to connect their accounts to proxy servers. However, the new rule only applies to nations where censorship is high, like China, and in places, internet shutdowns are frequent, like in Iran.

Means, WhatsApp users can use intermediatory gateways to connect to the web, or in case the link between their device and the internet goes off.

Countries like Iran and China indulge in surveillance practices where digital communication and internet access is often disrupted to suppress the voice of dissident citizens against government and its invasive policies.

Iran, China and to a large extent Russia are some nations that stand as authentic examples to governments cutting down the internet freedom of their citizens, respectively.

Under such circumstances, online users often take help of proxy servers and this is what the Facebook subsidiary will allow for free from February 2023.

To configure the service, users need to go to Settings tab and tap on ‘Storage and Data’ option after which they are asked to enter the proxy server address in the Proxy settings webpage, thus giving them a communication stream having high-level privacy and security.

A dedicated web page has been setup by the photo and video sharing messaging platform and it can help those who require a guidance on WhatsApp proxy server connect.

NOTE- The new feature that is existing on other online services such as Telegram and Signal can be found operational in the latest version of the application.

 

The post WhatsApp Proxy Servers Connect details appeared first on Cybersecurity Insiders.

Every year, we hear something or the other about WhatsApp data breach and following this course is this news that is currently trending on various social media platforms and community forums at the end of this year, i.e. November 2022.

According to a post on a dark web forum, a hacker is claiming to sell information related to about 487 million WhatsApp users that includes their mobile numbers, respectively.

Surprisingly, the details include information related to the Meta owned firm’s consumers in 84 different countries and include 32 million users from America.

Further, leaked data-set includes 45 million users from Egypt, 35m from Italy, 29m from Saudi Arabia, 20m from France and 20m from Turkey.

Hacker has posted openly on the forum that the info related to USA users will be available for sale for $7000 and the database related to Germany and UK is available for $2,000 and $3,000 respectively.

Remember, threat actors can use such details to impersonate and launch phishing attacks.

The video and photo sharing platform has acknowledged the news as fake, as the screenshot posted in the forum doesn’t legibly prove the data hack.

NOTE- As per a report from the company in February 2022, WhatsApp has a user count of 2 billion users on a global note. It also is the world’s second non-Google app that achieved the milestone of 5 billion installs on PlayStore. And information is now out that the platform has over 11 million monthly active users who share 989 million photos and 140 million videos on a daily note and handle around 16 billion messages per day. In March 2022, Cybersecurity firm Symantec issued a warning to all online users to download WhatsApp only from legitimate platforms and stay away from applications such as WhatsApp Gold and WhatsApp Premium that were developed only to spread viruses and malware.

The post Latest WhatsApp Data Leak 2022 details are here appeared first on Cybersecurity Insiders.