There’s a new viral message doing the rounds on WhatsApp, which claims that a single message with a link will allow cybercriminals to steal all the money from a user’s bank account as soon as they click on the same. The message has clearly caused a lot of panic, especially in the UK where it has gone viral. In fact, the City of London Police and Action Fraud UK have taken to Twitter, announcing that this is a hoax and users should not worry about the message.
The scam message reads as well,
“Straight from the City of London Police fraud team – Extremely sophisticated scam going about this morning. Definitely Danske bank customers but possibly all banks. You get a message saying a payment hasn’t been taken eg O2,Vodafone or EE [UK mobile providers] and to click here. As soon as you touch it the money is gone. They already have all your details and it’s the most advance scam the bank has ever seen. Pass this on to everyone. Please. This is from work this morning – they are being inundated with calls – thousands flying out of peoples accounts! Spread the word!”
Check out the tweet from Action Fraud UK below
The content of this message is false.
— Action Fraud (@actionfrauduk) March 30, 2020
On Action Fraud’s official website, a notice has been posted stating that the “City of London Police hasn’t issued any alerts about fake messages from Danske Bank.”
Can someone steal all your money with just one link?
While it sound scary, one cannot simply steal all your money by just getting you to click on a link. According to Paul Ducklin, Principal Research Scientist, Sophos, who wrote in a blog post, while “there’s a tiny ring of truth throughout, but so-called ‘unpaid mobile bill’ text message scams don’t work quite as directly as the hoax claims.”
He points out that typically links in such fraud messages will take users to a phishing website, where a fake login page will be used to lure the user into entering their sensitive data. This sensitive information which would be the bank details, including any kind of password. Only if the user enters such information on any fake login page is their account at risk. Simply clicking on a link will not let hackers steal all their money from a bank account.
Ducklin pointed out that at best hackers could use a compromised webpage to run malware onto a system or mobile phone if one were to click on such links. “But that sort of attack is very rare these days, and almost certainly wouldn’t lead to the crooks getting hold of your banking password immediately and instantly withdrawing money,” he pointed out.
What to do with such messages
First, do not forward such fake messages. If it has come from a friend, tell them that they too should forward this and it is likely just created to cause panic.
Ducklin also says that one should not be tricked by any message claiming to be from a particular authority. “Anyone can write ‘the police announced this’, but that doesn’t tell you anything useful. In this case, what came from the police was an announcement that it was false,” he wrote.
This claim of authority is a common theme that one sees in such fake WhatsApp messages across the world. In India too many fake messages float, some of which claim to be from the police or the government, and there have been plenty of these messages given the panic around the coronavirus situation. For users, it is recommended they go to the official website of the concerned authority to confirm before forwarding such messages.