06/10/2025

LYFE MONDAY | OCT 6, 2025

22

T HERE is a new phishing campaign targeting WhatsApp users through a fraudulent voting scheme, according to Kaspersky. This attack lures victims with a voting page allegedly featuring young athletes, but other voting topics are being exploited as well. The method can be easily tuned for different scenarios, with the ultimate goal being the hijack of WhatsApp accounts. The scam begins with users being directed to a seemingly legitimate webpage claiming to host a voting contest. For instance, the page can feature photos of athletes, each accompanied by a “Vote” button and real-time counters displaying alleged vote totals and the number of users who have participated. These elements create a false sense of authenticity, encouraging user engagement. The page also claims that anyone can participate in

WhatsApp account hijacking scam

include voting are very popular now and this is used by attackers who exploit trust in this seemingly harmless activity. By combining social engineering with convincing fake interfaces, attackers are weaponising user engagement to steal sensitive data. Awareness and vigilance are critical to staying safe,” said Kaspersky web content analyst Tatyana Shcherbakova. To be protected from such hijacking scams, Kaspersky recommends: 0 Enable two-step verification Activate WhatsApp’s two-step verification feature to add an extra layer of security, requiring a PIN for account access. 0 Verify website authenticity Avoid entering personal information on unfamiliar websites, especially those reached via unsolicited links. Always check the URL for legitimacy. 0 Never share verification codes WhatsApp will never ask for your verification code. Do not share or accept it from anyone, even if prompted by a seemingly trusted source. 0 Use trusted and proven security software to detect and block malicious websites and links.

that encourages users to “quickly and simply” authorise via WhatsApp. Users are prompted to enter their WhatsApp-associated mobile phone number. Attackers then use the WhatsApp feature to login into the messenger’s web interface via a one-time code: they input the victim’s phone number to login to WhatsApp Web and the system gives out a 6-digit code which the scam website then mirrors. When the user inputs this code in the app on their smartphone, the web session that the attackers initiated goes live, allowing them to spy on the victim, write messages and eventually take over the account. “We see that online contests that

o New phishing effort lures victims with fraudulent voting scheme featuring athletes

the contest after “authorisation”, with winners getting prizes from “sponsors”.

Upon clicking either “Vote” or “Authorise” buttons, users are redirected to a fraudulent webpage

A verification code from WhatsApp mirrored by the attackers.

A fraudulent webpage offering to authenticate via WhatsApp.

Fake voting page.

TikTok urges users to #ThinkTwice in push for online safety TIKTOK Malaysia has expanded its #ThinkTwice digital literacy initiative this year with simplified access to additional resources on scam prevention through its multilingual in-app knowledge hub, search banners, short videos, creator content and upcoming series of industry dialogues. The in-app knowledge hub is now available in more languages, changing. Education is key and we are empowering Malaysians with the knowledge and tools to combat scams together through #ThinkTwice,” TikTok Malaysia head of public policy Firdaus Fadzil said. TikTok’s digital literacy initiative encourages Malaysians to pause, prevent and protect. Pausing represents taking a moment to reflect and refrain from activities that violate TikTok’s community guidelines and local laws. Prevention means

TikTok Malaysia’s #ThinkTwice infographic.

including English, Bahasa Melayu, Mandarin and Tamil. This initiative aims to spread awareness across millions of users nationwide through a multi-pronged approach in collaboration with the Royal Malaysian Police (PDRM), Malaysian Communications and Multimedia Commission, Securities Commission Malaysia and other key government agencies. “Online safety is a shared responsibility. It requires collaborative and continuous efforts across all segments of society. This is especially true in the case of scams as the modus operandi of cybercriminals are constantly

proactively deploying TikTok’s safety features and tools from local authorities to identify red flags. Protection rallies the community to keep each other safe by reporting potentially violative activities. “Most of the scams can, in fact, be prevented. Among the most prevalent in Malaysia are investment scams, phishing, phone scams, job scams, love scams and loan scams. There are readily accessible tools to assist the public in detecting such threats, including PDRM’s Semak Mule portal. Strengthening the nation’s scam prevention ecosystem requires

the concerted involvement of the public and private sectors. In this regard, TikTok’s support in enhancing public awareness is most timely and greatly appreciated,” PDRM director of the commercial crime investigation

department Datuk Rusdi Mohd Isa said. Malaysians can easily access the knowledge hub by searching #ThinkTwice or relevant keywords on the TikTok app. It features four main

pillars of information, mainly scam prevention tips using publicly available tools from key government agencies, TikTok’s community guidelines, TikTok’s safety features and helplines to local authorities.