--- title: "Voice Phishing: Surfacing of a New Cyber Threat on Whatsapp | Phish Protection" description: "Voice Phishing: Surfacing of a New Cyber Threat on Whatsapp: Researchers at Armorblox found a malicious campaign that targeted WhatsApp users. The attackers." image: "https://phishprotection.com/og/blog/voice-phishing-surfacing-cyber-threat-whatsapp.png" canonical: "https://phishprotection.com/blog/voice-phishing-surfacing-cyber-threat-whatsapp/" --- Quick Answer Researchers at \[Armorblox\](https://www.bleepingcomputer.com/news/security/whatsapp-voice-message-phishing-emails-push-info-stealing-malware/) found a malicious campaign that targeted WhatsApp users. The attackers have reached over 27,660 email addresses through targeted phishing attacks appearing to be from WhatsApp. When receiving attachments over email, you might be tricked by the threat actor into downloading other forms of malicious software. The following sections discuss more details about the latest phishing scheme. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fvoice-phishing-surfacing-cyber-threat-whatsapp%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Voice%20Phishing%3A%20Surfacing%20of%20a%20New%20Cyber%20Threat%20on%20Whatsapp&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fvoice-phishing-surfacing-cyber-threat-whatsapp%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fvoice-phishing-surfacing-cyber-threat-whatsapp%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fvoice-phishing-surfacing-cyber-threat-whatsapp%2F&title=Voice%20Phishing%3A%20Surfacing%20of%20a%20New%20Cyber%20Threat%20on%20Whatsapp "Share on Reddit") [ ](mailto:?subject=Voice%20Phishing%3A%20Surfacing%20of%20a%20New%20Cyber%20Threat%20on%20Whatsapp&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fvoice-phishing-surfacing-cyber-threat-whatsapp%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2022/04/phishing-attack-prevention-4796.jpg) Researchers at [Armorblox](https://www.bleepingcomputer.com/news/security/whatsapp-voice-message-phishing-emails-push-info-stealing-malware/) found a malicious campaign that targeted WhatsApp users. The attackers have reached over 27,660 email addresses through targeted phishing attacks appearing to be from WhatsApp. When receiving attachments over email, you might be tricked by the threat actor into downloading other forms of malicious software. The following sections discuss more details about the latest phishing scheme. ### What is Voice Phishing? Voice phishing, or vishing, has been a growing cyber concern. These scams are carried out by the malicious actor sending a voice note over different media that directs an individual to a webpage. This webpage either encourages them to download applications that can turn out to be [malware](/content/protection-against-ransomware/how-to-protect-your-computer-from-malware/) or asks them to _enter their debit or credit card details_ by offering them a service or product. These web pages, which is a domain controlled by the attacker, can **look genuine enough** to fool you unless you are paying close attention to the website’s hyperlink. The malware downloaded by following these voice notes given by the attacker can also store sensitive information, like your financial credentials, or auto-download other applications that can cause harmful changes in your local device. ### The Whatsapp Vishing Attack Pattern Recently, the attackers have started using WhatsApp’s popular messaging application to carry out vishing scams. _WhatsApp introduced the voice messaging feature back in 2013_, enabling the users to send and receive voice notes from their contacts. Recently this feature received an update where the users can send and receive private messages in group chats. Once someone sends you a private message, you will receive a notification via email about the voice note message and the embedded voice note. Cybercriminals utilized this feature by disguising themselves as an official **WhatsApp notification**. They would then send an email from a hacked official account that your email account would not flag. This email would have a “allow browser notification” link embedded in the email that gives you the access to play the voice note directly. The email would also carry the time duration of creating these emails to make them look authentic. The “allow notification” link embedded in the email would direct you to the domain controlled by the attacker. This domain then prompts the user to click on the “allow the browser to show notification” settings to prove that they are not a robot. Although this is sufficiently triggering for the ones who are careful, the ones who are not careful might fall for the scheme. Once you click on the “allow notification” options, _you will receive notifications for adult websites and advertisements_. It might also auto-download a payload that can steal your information that the cyber-attacker can use for personal benefit or sell it to someone else. ### What Is the Impact of Vishing? ![Phishing attack prevention](https://media.mailhop.org/phishprotection/images/2022/04/phishing-attack-prevention-4796.jpg) In 2021 alone, [over 50 million American citizens](https://www.cnbc.com/2021/06/29/americans-lost-billions-of-dollars-to-phone-scams-over-the-past-year.html) fell victim to vishing scams **carried out over calls**. The numbers showed the susceptibility of the population to such attacks. The cyber attackers employ clever techniques and social engineering patterns to carry out the [phishing scam](/resources/dont-guard-down-avoid-phishing-scams-simple-steps/). [In 2018](https://krebsonsecurity.com/2018/10/voice-phishing-scams-are-getting-more-clever/), Cabel Sasser, founder of Panic Inc., reported almost falling victim to a vishing attack. The cybercriminal had managed to make Sasser reveal his CVV and card pin by pretending to be from his bank. These attackers use a _clever combination of technology and human skills_ to develop plans that can work best to target individuals. Although most vishing scams are directed toward the general population, some are targeted at specific individuals. These schemes are designed to generate a reaction from the individuals to get them to yield sensitive information like their bank or card details. ### Protection From Vishing An increasing number of vishing attacks calls for the need to [learn how to protect yourself](/products/phishing-awareness-training/) from such attacks. You can protect yourself from vishing attacks by adopting basic [cyber hygiene](/content/phishing-awareness-training/). ![Phishing email prevention](https://media.mailhop.org/phishprotection/images/2022/04/phishing-email-prevention-2475.jpg) - \_**Check Messages Directly:** \_Instead of clicking on links embedded in emails, it is always better to check the messages directly. Although some emails might be genuine, some of them, not just related to vishing but also [email phishing](/content/stop-phishing-emails/report-phishing-emails/), can lead to threat actors launching further cyberattacks using the phishing email as a gateway. So instead of clicking on email links, check your message on the app directly. If you have not received the message now on the app, then there is a high chance that the email containing the WhatsApp notification is dubious. - _**Check the sender details:**_ If you have received a WhatsApp email from an address that is not even remotely related to WhatsApp, it would be _wise not to click on the link_ provided in the email. - \_**Do not give your card/bank details:** \_Even if you receive a note that seems to be from a financial organization, do not reveal your bank details. No financial organization asks for your bank details, CVV, or ATM pin. - _**Read the instructions carefully:**_ If you do land on a webpage, read the instructions carefully instead of simply clicking on the options. While clicking on these options, you might click on a harmful link disguised by the cyber attacker, which might download trojans and payloads on your local device. ### Final Words Although vishing scams are increasing and cybercriminals are coming up with new methods to attack, it is easy to **prevent such frauds** from becoming successful. One can avoid becoming prey to such attacks and suffering a financial loss with a few simple precautions as given above. ## Topics [ Phishing ](/tags/phishing/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Foundational 5m 0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[ Foundational 4m 13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization Aug 1, 2019 ](/blog/13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization/)[ Foundational 4m All 14 centers of Kettering Health were affected by a massive ransomware attack, Major outage in the Ohio medical center May 23, 2025 ](/blog/14-centers-of-kettering-health-were-affected-by-massive-ransomware-attack-in-ohio-medical-center/)[ Foundational 4m 2021 Phishing Trends You Need To Be Wary Of Aug 2, 2021 ](/blog/2021-phishing-trends-to-be-wary-of/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"Voice Phishing: Surfacing of a New Cyber Threat on Whatsapp","description":"Voice Phishing: Surfacing of a New Cyber Threat on Whatsapp: Researchers at Armorblox found a malicious campaign that targeted WhatsApp users. The attackers.","url":"https://phishprotection.com/blog/voice-phishing-surfacing-cyber-threat-whatsapp/","datePublished":"2022-04-26T16:17:14.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2022-04-26T16:17:14.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/voice-phishing-surfacing-cyber-threat-whatsapp/"},"articleSection":"foundational","keywords":"Phishing","wordCount":914,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2022/04/phishing-attack-prevention-4796.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"Voice Phishing: Surfacing of a New Cyber Threat on Whatsapp","item":"https://phishprotection.com/blog/voice-phishing-surfacing-cyber-threat-whatsapp/"}]} ```