The tried-and-tested attack method appears to be a harmless email containing a link to a WhatsApp voice message.
But anyone clicking on the link is taken to a malicious website that attempts to install a virus on the victim’s device.
Cyber security researchers at California-based Armorblox report that nearly 28,000 mailboxes – across both Gmail and Microsoft’s Outlook program have been impacted by the ambush.
More worryingly, the company says the email attack comes from a valid Russian-based domain.
The experts say the ‘mailman.cbddmo.ru,’ domain is associated with an organisation known as the ‘Center for Traffic Safety of the Moscow Region’ – which is a part of the Russian Ministry of Internal Affairs.
The phishing email contains the subject line ‘New Incoming Voicemessage’ and is supposedly from a WhatsApp Notifier function.
The security researchers say that, although it looks authentic, it’s actually a trick.
‘Upon clicking the “Play” link in the email, recipients were redirected to a page that attempts to install a trojan horse JS/Kryptik,’ explained Lauryn Cash from Armorblox.
‘The Armorblox research team was able to observe this attack on multiple customer tenants across Office 365 and Google Workspace. The potential total attack exposure was close to 28K mailboxes.’
Targeting WhatsApp users and zeroing in on voice messages make sense given the staggering amount of users the service has.
Phishing is the term applied to kind of electronic communications scam that aims to obtain private information, or to spread harmful malware, via the recipient.
The phenomenon takes its name from fishing due to the parallels in unaware targets being reeled in by bait.
The term was coined around 1996, according to Computer World, as internet scammers began using e-mail lures, setting out hooks to fish for passwords and financial data from the sea of Internet users.
Hackers commonly replace the letter f with ph, a nod to the original form of hacking known as phone phreaking.
Voice messages are especially preferred by older family members who want to avoid typing or even communicating in another language.
Obviously, if you see this email (or one that looks like it) land in your inbox, don’t click the link.