Phishing emails that impersonate a WhatsApp voice message feature are making the rounds. Stealing people’s personal information via a form of malware.
The attack starts as any other phishing attack starts and that’s with an email claiming to be a notification from WhatsApp of a private voice message. The email contains a date for the message and an apparent duration of the message with an enticing “play” button.
The spoofed email masks an email address belonging to a Russian road safety organization. Because the address and organisation are real, the messages are not flagged as spam by most standard email security tools. The company that discovered the scam, Armourblox, believes the Russian company does not realise they are playing a part in the scam.
The “Play” button within the email will take the recipient to a website that will ask for the user to click on the “Allow” button which will prompt the user to confirm they are not a robot. Scams like these will often use some form of CAPTCHA to make them seem more legitimate. Once the user has don’t this the website will ask to install some software that turns out to be malware used to steal personal information.
Whilst the base email has some signs that it is not legitimate. Vulnerable people could well be fooled by this attack, leading to their information being used for other attacks or sold to the highest bidder.
The NCSC has published an in-depth look at how to spot and report phishing emails to them and what to do if you become a victim of these attacks.


WhatsApp will never send you emails about voice messages so if you receive them please delete them straight away or report them to NCSC.