URL Rendering Trick Enabled WhatsApp, Signal, iMessage Phishing

By ISBuzz Team
Writer, Information Security Buzz | Mar 28, 2022 01:32 am PST

A set of flaws affecting the world’s leading messaging and email platforms, including Instagram, iMessage, WhatsApp, Signal, and Facebook Messenger, has allowed threat actors to create legitimate-looking phishing URLs for the past three years.

Daniel Schwalbe
March 28, 2022 9:32 am

While this vulnerability is particularly insidious due to its simplicity, it’s not the first URL rendering issue to affect mobile devices. Between mobile browsers not showing full URLs in address bars, abuse of URL shorteners and hosting malicious content on trusted domains, mobile browsing is fraught with peril.

It’s important to remember that just because apps tout “end to end encryption” and other privacy protection features, that does not mean that any content sent via the apps is automatically secure. At minimum, users should treat any unexpected messages from unknown senders with great suspicion. But really any links received over messaging apps can be problematic. Disabling “link previews” within the apps themselves also helps to limit exposure.

Another option to try and limit collateral damage is to use multiple browser applications on your mobile device. Set the default browser, the app that will open tapped links, to something not used for day to day “manual” browsing, so cookies and other sensitive information are not readily exposed.

Last edited 1 year ago by Daniel Schwalbe
