Hacking: the number of mimicking social networking login sites has grown 10-fold
The number of sites that mimic authorization to the WhatsApp messenger account (owned by Meta, which is recognized as extremist and banned in Russia) has increased almost ten times compared to January 2024. This was reported to Izvestia in the Domain Coordination Center. But such pages are phishing pages. With their help, attackers "hijack" the user's account, and then from the hacked account send messages to the list of contacts with a request to borrow money. About what new schemes of deception through messengers appeared in 2025 - in the material of "Izvestia"
How to cheat through WhatsApp
In January 2025, the number of phishing domains in Runet, targeting WhatsApp users, increased almost tenfold compared to January 2024, reported "Izvestia" in the Coordination Center of domains .RU/.RF.
"Last year in the .RU and .RF zones, the number of phishing domains created to hack the accounts of its users grew seven times - from 218 in 2023 to 1,527 in 2024. And in 2025, this trend has only intensified," they said.
In January 2025, 109 phishing domains on WhatsApp were blocked in Runet as part of the "Domain Patrol" project. And BI.ZONE Brand Protection specialists in the same month recorded 761 domains that mention WhatsApp - they can include both fraudulent and legitimate resources.
For attacks, scammers create pages that mimic the messenger's authorization forms, then use various pretexts to convince the user to enter login details before gaining full access to their account.
- Most often, the hacked account is used to send messages to the list of contacts with a request to borrow money - trusting a "friend", people transfer funds to the fraudsters' accounts ," the Coordination Center said. - But more serious risks are associated with access to personal data: fraudsters can use photos of passports and documents stored in WhatsApp to apply for loans or use them in other schemes.
Among the current schemes targeting Russian-speaking WhatsApp users, examples of both phishing and scams are recorded, said Olga Svistunova, senior content analyst at Kaspersky Lab.
- "For example, within one scam scheme, attackers mimic WhatsApp AI's 'automated stock trading solution'," she explained. - They create fake pages where they lure you with offers to earn money "with minimal effort." According to the legend, this is possible through access to the platform. However, if a person does decide to earn in this way, at some point they will be asked to invest their funds, which will go to the scammers.
There is also a scheme by which people were lured to a certain platform for draws via messenger. For this purpose phishers offered users to authorize by means of a QR code. The person was informed that if he doesn't authorize, the process of participation in the drawing will be canceled.
- In order to put people's vigilance to sleep, the criminals also placed a notice that the processing of the application takes some time ostensibly because of the high activity at the platform, - added Olga Svistunova. - If a person still decides to authorize and bind his device by QR code, the attackers will get access to his account.
She has noted that the well-known phishing scheme is still actively used - a request to follow the link and participate in the fake voting in the photo contest. In such cases, hackers also target users' credentials in messenger.
In January 2025, the growth of phishing sites amounted to almost 200% compared to the same period last year, Alexei Kolodka, the manager of the information security practice of RAMAX Group, told Izvestia.
Vulnerable platforms
WhatsApp now remains an extremely vulnerable platform, stressed Evgeny Pankov, project manager of the .RU/.RF Domain Coordination Center.
- In 2025, the growth of attacks on its users will continue to grow, so we need to be as vigilant as possible and carefully check sites that offer authorization through the messenger," he said. - The recent deadline for registering a domain to an individual is one of the first signs that the resource may belong to fraudsters.
Some of the scammers started using WhatsApp, but more for making calls, Alexei Gorelkin, CEO of Phishman, an expert in information security, confirmed to Izvestia.
- This is due to the fact that WhatsApp settings do not allow rejecting all calls from unknown numbers, but only making them silent," he explained. - But the filtering of calls in the mobile network, both by means of the phone operating systems themselves, as well as by means of individual applications and even telecom operators, allows you to block both spam calls and fraudulent ones.
One of the most active schemes in recent months has been the use of fake documents imitating official forms of various agencies, recalled Ivan Dmitriev, security director of SberCorus (operator of electronic document management).
- Actions on behalf of several people at the same time are also actively used, when attackers using social engineering methods present themselves as "employees of the bank or law enforcement agencies," the expert explained. - These schemes are often aimed at stealing accounts in popular services such as Gosuservices, Telegram and WhatsApp.
Another popular scheme highlighted by Alexey Kolodka, - fraudsters substitute bank chatbots with third-party programs to obtain customers' personal data: card numbers, CVV codes and other information.
- Another type of fraud is the seizure of accounts of popular personalities to smear their reputation and subsequent extortion," he added. - After gaining access to the account, the attacker tries to collect compromising data, including, for example, personal correspondence, including that of an intimate nature.
How to protect yourself from scammers
The main goal of attackers is to lure the victim to a phishing site, where it will be necessary to authorize via messenger. After that, the criminal automatically gains access to the account, recalled Alexander Vurasko, development director of the Solar AURA external digital threat monitoring center, Solar Group of Companies.
According to Ivan Dmitriev, such attacks most often target employees of companies. Corporate users have access to large amounts of valuable information, which makes them attractive targets.
To secure their accounts and money, it is important to set up two-factor authentication or access keys in messenger - this recommendation will be relevant for other services, not only messengers, said Olga Svistunova.
- Be critical of generous offers and promises of easy money," she warned. - Do not click on links from dubious messages, and use a reliable security solution on all your devices. It will prevent an attempt to go to a phishing or scam page.
Be careful when sharing any personal or business information, Ivan Dmitriev added.
- Never share your contact details, files, document identification numbers, logins, passwords and other important information when communicating with strangers," he added.
The expert reminded that official companies and government agencies never ask for confidential data via messengers or e-mail.
- Most importantly, if you did not initiate the call or communication and do not know what kind of person it is, then immediately lower the level of trust, - emphasized Alexei Gorelkin. - If you unexpectedly won or lost something, do nothing, but tell someone close to you about it. When you start telling, you will realize that it's all too strange. That's how the psyche works.
Abusers, he says, always use the same method: create an emotionally tense situation, set a hard deadline for the victim to take some action, and persistently guide her further - write what needs to be done to resolve the situation in a "good" way.
Переведено сервисом «Яндекс Переводчик»
