Messaging App Scams

Messaging apps are great for sending texts, making voice/video calls and sharing media. Unfortunately, scammers have also taken an interest in these popular apps, using them for their own gain. Messaging app scams usually involve social engineering scams which trick people through human vulnerabilities rather than technical flaws, making them hard to spot.

1. Hacking through messaging app web version

• Victims, looking to use messaging app on their computers and click on the top search results without verifying the links. 
• These links could take them to fake websites that look like the official site, complete with a QR code. 
• When victims scan this code with their phones, the fake site may stop working and the scammers gain control of their messaging app accounts. 
• The scammers then use these accounts to message the victim's contacts, asking for personal information, bank details or money transfers. 
• Victims didn't immediately realize their accounts were hacked because they could still use the messaging app on their phones.
• Victims usually find out about this when their contacts report strange requests from their compromised accounts.
• Scanning the QR code from the phishing website could lead to malware installation.

2. “Copycat” or fake channels and groups

• Scammers often create fake versions of popular chat groups to trick victims into feeling safe. These fakes might have similar names, profile pictures, and admin usernames that are very close to the real ones.
• You'll notice a bunch of "active users" chatting a lot about the promotions, quick-money plans, or free prizes that the channel is advertising. 
• Attractive limited offers are a common tactic used by scammers to lure individuals into their schemes.
• Scammers may guide customers to click on fraudulent links that lead to phishing sites or malware installation.

3. Impersonation

• Scammers pose as someone you’d otherwise trust (such as a friend, colleague or a customer support agent) to trick you into giving up your personal information including TAC/OTP code. Scammers may send you a link or persuade you to leave the secure messaging app for a phishing website.

Things to keep in mind:

• Enable two-factor authentication (2FA) on your messaging app for better protection.
• Set up passcode or biometric authentication for accessing your messaging app account.
• Tighten your privacy settings on your messaging app:
  • Only allow your account to be added to new groups and channels from your contacts.
  • Silence unknown caller / only allow calls from your contacts.
  • Limit who can view your profile photos / bio description. 
• Regularly check all linked devices on your messaging app account. Remove unrecognized devices.
• Verify the URL if you intend to log in a web version of the messaging app.
• Keep your device safe by regularly updating their operating systems and apps to get the latest security fixes.
• Tighten your device's security by using a trusted antivirus on your devices and make sure to keep it updated regularly.

To report this issue, please get in touch with us.

Rest assured that CelcomDigi is actively taking measures to ensure our customers do not fall prey to such scams.