Image: iStock/weerapatkiatdumrong

New data from Kaspersky reveals that messaging apps for Android devices are wildly popular targets for phishing scammers. Of all the phishing attempts on Android messaging platforms between December 2020 and May 2021, WhatsApp led the pack with a whopping 89.6% of detected attacks.

SEE: How to manage passwords: Best practices and security tips (free PDF) (TechRepublic)

According to research cited by Kaspersky, messaging apps are overtaking social media platforms as the most popular tool for communication, and will continue to do so in the years to come. With that in mind, it’s understandable that cybercriminals are increasingly turning to them as a space to seek phishing victims, said Kaspersky senior web content analyst Tatyana Shcherbakova. Along with popularity, many messaging apps also have features that make phishing easier for attackers, Shcherbakova said.

WhatsApp, as stated above, is the overwhelming leader by volume of detected malicious links. In second place was Telegram, with 5.6%, Viber, with 4.7%, and Google Hangouts with less than one percent. Users in Russia, Brazil and India were the most frequent targets.

The detections of malicious links in WhatsApp, Telegram, Viber, and Google Hangouts were made on devices with the version of Kaspersky Internet Security for Android that featured a new Safe Messaging feature that tries to prevent users from opening malicious links. During the period of the study Kaspersky recorded 91,242 detections.

Kaspersky said that WhatsApp is the most popular app on the planet, which may be the reason for its high numbers. Telegram, interestingly enough, has a similar geographic distribution as WhatsApp but far fewer detections, Kaspersky said.

SEE: Security incident response policy (TechRepublic Premium)

Viber and Hangouts, the report noted, had very different geographies, with most attacks on Viber users coming from Russia, and most Hangouts detections coming from the U.S. and France.

Regardless of where you are or what app you’re using, the ability to detect phishing attempts is an important skill to develop. Kaspersky recommends that everyone online take the following steps to avoid becoming a phishing victim:

  • Keep an eye out for misspellings or irregularities in links
  • Scammers will sometimes use a victim to send links on their behalf to make them look more legitimate. Don’t send suspicious links or links from people you can’t verify.
  • Scammers mask themselves by pretending to be from a legitimate business, and some of them contact targets by finding their information from legitimate sources. Sources may seem legitimate, but the links they send will still contain misspellings and other red flags.
  • Messages coming from friends or other people you know could still be malicious. Accounts can be hijacked, and forwards from malicious sources can happen on accident, so always be wary of links and attachments.
  • Install a security solution on a mobile device. Even if the device itself is reasonably protected from takeover, fishing links and malicious applications can steal information stored on the device.