A new scam circulating on WhatsApp uses the message "Vote for my son" as a lure to take control of the victim's account. The alert is launched by lawyer Xabi Abat, who warns of a trick that arrives through a known contact and seeks for the user to unknowingly hand over the access keys to their profile in the application.
"You receive a message and they tell you "Vote for my son"", points out Xabi Abat, lawyer.
A link and a fake vote to steal the account
The fraud starts with a message sent from the account of a known person. In that text, support is requested for a supposed contest through a link. Upon accessing, the victim enters a fake website that simulates the voting process.
On that page, the phone number is requested with the excuse of sending a key to validate the vote. That step is what opens the door to account hijacking.
"To be able to vote legitimately and count your vote… they ask you to leave your mobile number and tell you that you are going to receive an access code to validate that vote" - Xabi Abat, lawyer
When the user introduces that code, in reality they are facilitating access to their WhatsApp to the scammers.
"You are giving your WhatsApp username and password" - Xabi Abat, lawyer
The usurped account is used to amplify the deception
After completing that process, the victim loses control of the application. The account is usurped and passes into the hands of the criminals, who use it to write to other contacts and repeat the same maneuver.
"Then, you realize that your WhatsApp disappears, they have usurped your WhatsApp" - Xabi Abat, lawyer
The warning is not limited to messaging access. The lawyer maintains that the impact can be greater if the attackers manage to enter information linked to the device.
"The f***ed up thing is that they don't just access your WhatsApp, they access your phone, your passwords, your financial statements and all your personal information is compromised" - Xabi Abat, lawyer
Call to extreme caution
The recommendation is not to click on links of this type even if they come from known profiles, as they may have been previously compromised. The fake vote lure seeks to exploit trust between contacts to extend the chain and capture new victims.
Abat insists on exercising extreme caution before any message that asks to participate in contests, enter personal data or provide codes received by SMS. "Distrust these messages and be very careful", insists Xabi Abat, lawyer.