Fraudulent links breach bank accounts and WhatsApp profiles

• While banks are working to close all possible fraud loopholes and educate their customers about its dangers and various methods of prevention, hackers are actively seeking to exploit new security gaps.

While it’s often said that “knowing the methods of fraudsters can help prevent financial fraud,” this advice may no longer be enough to counter the sophisticated tactics of hackers. With the advancement of digital technology, detecting these attempts has become increasingly challenging for many people, according to Al Rai newspaper.

While banks are working to close all possible fraud loopholes and educate their customers about its dangers and various methods of prevention, hackers are actively seeking to exploit new security gaps. They aim to open fresh vulnerabilities in the digital landscape to persuade victims to divulge their confidential data.

New methods by hackers

In addition, Al-Rai newspaper has learned that customers recently complained to their banks about falling victim to a fraud scheme involving new methods used by hackers. These hackers succeeded in accessing their WhatsApp accounts, and some banks have already refunded the stolen amounts.

Recently, friends listed in phone contact lists were surprised to receive messages from a contact claiming they needed an amount, typically not exceeding 50 dinars, to be transferred via a “link.” What’s new is that the scam now involves sending links that appear legitimate but are malicious in practice.

Sources indicate that personal data is being compromised through fake links that exploit the names of well-known groups, such as “lawyers in Kuwait” or “engineers in Kuwait.”

Innovative form of fraud

Sources pointed out that one innovative form of fraud involves direct contact with customers from a number that appears local but is not. The caller pretends to represent a reputable employer and offers a very attractive job with an ideal salary, prompting the recipient to quickly and expensively respond, especially if they are job hunting and confident in their skills.

In cases involving group messages or recruitment communications, the intent is psychological manipulation to gain the victim’s trust and convince them to either perform certain actions or disclose confidential information. This can lead to direct access to the victim’s bank account or their WhatsApp.

In the latter scenario, the hacker does not need an OTP; instead, they send a malicious link that, when clicked, grants them control of the victim’s personal data.

If successful, the hacker gains control of the victim’s phone and sends uniform messages to all contacts, starting with “Peace be upon you” and ending with “I have an online order I tried to pay for, but my card is expired. Can I send you the payment link for you to pay, and once the payment is completed, I will transfer the amount to you.”

The fraudster will likely exploit these emotional moments, as many friends will probably respond by posting the ‘link’ under the pretext of “Helping a friend in need.” Due to their affection, friends may not question the request, which provides the hacker with an additional opportunity to collect as much money as possible from the victim’s contacts.

It is worth noting that the decrease in the amount requested for transfer encourages more rapid responses from a wide range of friends. The cycle of sending and receiving money continues until the victim realizes their phone has been hacked and must warn their friends not to respond to any links sent from their number. By that time, some friends may have already sent money.

The biggest challenge for banks in recovering ‘hacked’funds is the delay in the victim realizing their data has been compromised, followed by the delay in notifying their bank. This also affects the central fraud investigation unit’s ability to seize the transferred funds in a timely manner.

The longer the report is delayed, the greater the opportunity for the hacker to withdraw the amount directly or quickly transfer them to external accounts.