Cybercriminals actively use messenger applications to steal personal data, personal information and bank card details. To do this, they exploit application vulnerabilities, apply social engineering methods, and send out phishing messages.
Below, let’s take a look at what threats affect messaging programs:
Vulnerabilities. The most common errors in messenger applications are weak encryption algorithms, insecure implementations of the SSL protocol, the ability to create and listen to a voice connection before the user answers the incoming call.
Malicious links and files. Attackers use social engineering techniques to entice the victim to open a file or link. Often they present themselves as bank employees, forging “nicknames” and “avatars”. For example, your messenger may receive a message supposedly from Sberbank from number 900, while instead of zeros, the letters “O” – 9OO will be used. The message will say that a purchase (money transfer) was made from your bank card, and if you did not make it, then to contact the bank you need to call the phone number indicated in the message. If the user calls, the fraudulent operators, using social engineering methods, will try to find out the bank card details from him.
Messages from hacked accounts. Having gained access to the user account of the messenger, the attacker automatically gains access to all of his contacts. This allows him, posing as another, to send messages to all chats with a request to transfer funds or with attached malicious files. Many users, receiving such a letter from “their friend”, fall for the trick of a fraudster.
Link preview. Upon receiving an incoming message containing a link or file, messengers form a small preview wind
ow with a brief description of the page or file – the so-called “preview”. In order to create such a preview, the program automatically opens this link or downloads a file, which can potentially lead to ma
lware infection of the device.
The ability to access the correspondence of third parties. You can use all known methods of protecting your smartphone, but you cannot demand the same from your interlocutors. There is no guarantee that someone else will not have access to their devices. For example, your friend’s phone was stolen, which was not protected by a pin code. An attacker will be able to read all your correspondence or restore it from a backup.
“Text bombs”. There are certain character sets that the messenger cannot handle. As a result of receiving a message with such a set of text, the normal operation of the program is disrupted, and it has to be reinstalled.