India is among the top three countries facing phishing attacks primarily via instant mobile messaging apps like Facebook-owned WhatsApp and highly-encrypted Telegram, a new report revealed on Wednesday, July 14.
The biggest share of detected malicious links between December 2020 and May 2021 was sent via WhatsApp (89.6%), followed by Telegram (5.6%), according to data shared by Kaspersky Internet Security for Android, part of the cybersecurity firm Kaspersky Lab.
Messaging app Viber was in third place with a share of 4.7% and Hangouts had less than 1% of the share.
Countries experiencing the highest number of phishing attacks were Russia (46%), Brazil (15%), and India (7%).
"Statistics show that phishing in instant messenger apps is still one of the most popular tools among scammers. This is partly due to the wide popularity of these apps among the audience, as well as the ability to use the built-in functionality of applications to carry out attacks," said Tatyana Shcherbakova, Senior Web Content Analyst at Kaspersky.
In a phishing attack, a cybercriminal sends a fraudulent message designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software on the victim's infrastructure like ransomware.
Sometimes, it can be difficult to determine whether an attack is phishing, as the difference can be just one character or a minor mistake.
"Vigilance combined with anti-phishing technologies form a reliable tool in the fight against phishing in messenger apps," Shcherbakova said in a statement.
According to researchers, messenger apps outstripped social networks by 20% in 2020 in terms of popularity among users and became the most popular tool for communication. In 2020, the global audience for messenger apps reached 2.7 billion and by 2023, it is expected to grow to 3.1 billion.
The Kaspersky team recorded 91,242 detections globally between December 2020 and May 2021. Telegram had the least amount of detections but was similar in geography to WhatsApp.
The largest number of malicious links were detected in Russia (56%), India (6%), and Turkey (4%). In terms of the number of phishing attacks recorded per user on WhatsApp, Brazil (177) and India (158) led the way.
Scammers often use WhatsApp and other messengers to communicate with users who were found on a legitimate resource (for example, various marketplaces and accommodation booking services) and also use them as a method of communication in malicious messages.
"Even if messages and websites look real, the hyperlinks, most likely, will have incorrect spelling, or they can redirect you to a different place," the researchers noted.
Even if a message or letter came from one of your best friends, remember that their accounts could also have been hacked.
"Remain cautious in any situation. Even if a message seems friendly, be wary of links and attachments," they advised.