By becoming popular, they turn into a real danger. The more famous an application is, the more likely it will be used by cybercriminals to carry out frauds, which may turn out very expensive for those distracted users.

The perfect example is WhatsApp. Each novelty announced by the instant messaging service is exploited immediately by the thugs on the network to deploy all kinds of social engineering techniques.

Without going any further, WhatsApp voice calls lead on to fraud via email: the victim is notified by email of a pending voice message and in order to for hear it he just needs to click on it. By doing so, it will not play any message, but actually it will download a malicious software on the user’s computer.

To generate this avalanche of fraudulent services, cybercriminals not only take advantage of WhatsApp’s latest features. Sometimes they create totally fake versions with presumed advantages as the possibility of customizing the app’s appearance. The most recent case is the one of the so-called Blue WhatsApp, it promised changing the famous app’s green to blue, although this version hides a poisoned apple: a subscription to a premium service which will increase, quite a bit, the victims’ phone bill.

In general, the desire of enjoying new features on an application as common as WhatsApp makes some users to accept these updates even if they do not come from an official supplier.

That is why, the best way of avoiding any kind of fraud from making a hole in our pocket or someone stealing our information stored in our Android is using Google Play (or the App Store in case of having an Apple device) at the time of downloading and update or any other application.

In this way, users can sort the Web woven by the crooks on the Internet. Furthermore, not only should be wary of those web pages that provide the so-called WhatsApp download with little credible characteristics: on other occasions, a platform which doesn’t belong to the official app nor to the corresponding applications market, will simply offer users to download WhatsApp as a way of attracting potential new victims.

Without false advantages but just as fraudulent, these downloads will fill your device with malware or subscribe you to an SMS premium service at a great cost. It is the case of a website that distributes a malware designed to steal data and it does it under the official WhatsApp appearance.

The web site does not promise any new features in the instant messaging service. It simply enables the download. When the user installs it and accepts all permissions requested, this false WhatsApp access the information stored on the users’ Android device.

That way, both downloading and updating an application, the safest way to do it is going to the corresponding official site. Even so, users can also find in places like Google Play some fraudulent applications hiding under the appearance of a popular service or that simply requires more permissions than the strictly necessary.

For this reason, before downloading an application for the first time you should read carefully its rating and some comments from other users: if it is a trap that has evaded Google’s Play security, the previous experience of others can serve you as warning.

The post WhatsApp for Android: Always download it from Google Play! appeared first on MediaCenter Panda Security.

Finally you have your new smartphone in your hands. Whether it is a Nexus, an iPhone or a BQ we are sure that one of the first things you do is download WhatsApp. You are so focused on setting up the app that you haven’t stopped to think about the implications of your WhatsApp identification being carried out by your SIM card.

In social networks you create a new profile with a user number and a password, but in the instant messaging service par excellence (it already exceeds 700 million users) you identify yourself exclusively with your cell phone number. Once you have connected your number to WhatsApp, the app is associated with the terminal, whether or not the SIM card is inside.

Our phone number is also a way of identifying us in other services we use daily, such as email. Gmail allows you to add a phone number to your account in order to protect it and to ensure that if someone intercepts it or you forget your password you can get it back. Google’s support web page explains that associating your phone number is safer than an alternative email or a security question, because your phone number is something you have physically thanks to your SIM card.

Your phone’s security starts on that card. That’s why security experts recommend taking preventive measures to avoid anyone from spying on your WhatsApp conversations if your SIM card gets duplicated or someone takes it temporarily.

How to protect your SIM card when it is the key to your WhatsApp

• Keep your PIN and PUK code in a safe place: some people have the bad habit of writing them on a piece of paper and putting that paper in their wallets. If you leave your personal belongings unattended for a few minutes, someone might put your SIM in his phone, enter the PIN to which he has had access before and then spy on your conversations indefinitely. If this person is careful to leave everything exactly as it was you will never realize what has happened.
• Another possibility is that someone clones your SIM and impersonates you. Although in current SIM cards the process is quite difficult, if you are one of those who has cut his card to adapt it to the new terminals there are ways to carry out attacks and clone the information that your card contains.
• The third method (and most likely) is that a cyber-attacker will keep the information in your card, it is called the ‘SIM Swapping Attack’. The SIM Swap is the process through which a user can transfer a phone number to another company. A cybercriminal can perform a phishing attack or identity theft which will allow him to know the transfer information, keeping all the SIM’s information. This type of attack has been long used for accessing bank accounts: the offender manages to replace your phone number and starts getting all notifications and calls from your bank, including those in which the bank sends you confidential information about your account, for example, to verify a transaction.
• If you lose your phone or it gets stolen and you have a WhatsApp account associated, we recommend you to associate your number to another telephone as soon as possible so that if the stolen terminal asks for a verification test the offender cannot complete it. To prevent anyone from reading your conversations if the phone falls into their hands, you can deactivate your account here. You will only have to send an email to the support team that will deactivate the account for a period of 30 days, after which you can decide whether to reactivate it or eliminate it altogether. Of course, it may take several days for WhatsApp to process your request and disable your user account, a time during which your account will be unprotected.

So, now you know that your SIM card can be a potential source of interest for real and virtual criminals, that’s why is not enough to keep making sure your phone is in your pocket: you also have to start making sure that the card inside is as secure as possible.

The post How to protect your SIM card when it is the key to your WhatsApp appeared first on MediaCenter Panda Security.

The success of WhatsApp has a downfall: while the instant messaging service reached 600 million active users last summer, the numbers of frauds emerging around the app are also growing steadily.

What are the most common scams in WhatsApp? What should we do so we don’t take the bait?

WhatsApp: 6 scams you must pay attention to!

1. A fake invitation to WhatsApp voice calls

With the arrival of WhatsApp voice calls a new fraud has emerged. While millions of users are waiting for an invitation to access this new feature, cybercriminals are distributing the malware via a link, which automatically downloads the malware.

To avoid falling into the new WhatsApp fraud, you should keep in mind that voice calls are only available for Android phones.

2. Frauds via browser

After WhatsApp launched their browser platform, fraudulent websites were created to steal your banking data.

This fake webpages use different types of scams:

• Asking for the phone number of the gullible users and then, subscribing them to downloading premium services which charge special rates.
• Making users download an application in their computers, but actually is a Trojan that will allow cybercriminals to obtain confidential information, such as banking information.

In this case, one thing to remember is that the only browser version of WhatsApp is free, and you don’t need to download anything to your computer to use it.

3. How to disable the blue double check

Scammers also tried to take advantage of WhatsApp’s double check launch. Before the instant messaging service allowed disabling this feature, in social networks we could find advertisements of fraudulent services for getting rid of the darned double check.

Getting some users to sign up for a premium SMS service without knowing it, which has a special rate. Remember: you can disable the double check feature from the app.

4. WhatsApp Gold

The Spanish National Police and Civil Guard reported a couple of months ago the existence of a scam that can be expensive, actually, 36 euros per month.

The fraud starts with a message via social networks in which WhatsApp users are invited to click on a link to update their app to the inexistent Oro version (Gold version), including supposed new and exclusive features.  The link takes the user to a web page where, if he wants to use these improvements, he has to give his phone number.

In fact, all those who gave their number will subscribe to a premium SMS service: each text message that you receive will cost you 1.45 euros, until a maximum of 36.25 euro per month. If you ever cross paths with this message, remember there is only one official version of WhatsApp. Common sense is, as usual, your best ally.

5. The fake voicemail of WhatsApp

In contrast to the ones before, this scam doesn’t take the advantage of a recently launched service, it just invents one. It starts when a user receives an email, in which they inform him that he has an unread voice message in the WhatsApp nonexistent voicemail.

When he hits “Play”, there is no message, but it downloads malicious software that the scammers introduce to your device. From that moment on, text messages with special rates or the theft of confidential information can cause the user a great deal of trouble. Remember: there is no WhatsApp voicemail.

6. WhatsApp’s Spy

We are aware of the existence of WhatsApp Public, an application that allows you to spy your contacts in WhatsApp, but there is a scam that goes one step ahead and offers( with a similar name) a service which allows anyone to read conversations of others. But it is just another way of infecting with malware the gullible user’s phone.

Obviously, you can’t spy other people’s conversations and the only change it will bring it will come in your phone bill, which will increase considerably.

Remember that it is important to maintain your cellphone’s security. If you want, you can download free of charge our antivirus for Android.

The post WhatsApp: 6 scams you must pay attention to! appeared first on MediaCenter Panda Security.