Follow Us Facebook WhatsApp Google Profile links

Thiruvananthapuram: Kerala Police have issued a warning to businesses across the state about a new WhatsApp-based cyber fraud that targets companies and their finance departments by exploiting hacked accounts of trusted customers and suppliers.

According to a statement issued by the State Police Media Centre on Saturday, fraudsters are using compromised WhatsApp accounts belonging to customers or suppliers who regularly conduct financial transactions with businesses. They send malicious script files, often disguised as "account statements", to accounts department staff via WhatsApp. These files typically carry dangerous extensions such as .vbs.

Once the file is opened, malware is installed on the victim's computer, allowing cybercriminals to take complete control of the system. They then steal passwords and financial information stored in web browsers before hijacking the WhatsApp accounts of senior company officials.

Using these compromised accounts, fraudsters create fake conversations and instruct employees to transfer money urgently, making the requests appear genuine. Police warned that businesses could lose large sums of money by trusting such messages.

ADVERTISEMENT

Investigators also noted that malware-infected computers may automatically forward the malicious files to other business contacts and WhatsApp groups, helping the scam spread further.

Kerala Police have advised businesses and the public to verify any account statements or files received through WhatsApp by directly calling the sender before opening them. They also cautioned against downloading or running files with unusual extensions or those received through suspicious links.

ADVERTISEMENT

The police stressed that companies should never authorise fund transfers based solely on WhatsApp messages without an independent verification process.

If malware infection is suspected, users should immediately disconnect the affected computer from the internet by turning off Wi-Fi or unplugging the LAN cable. They should also avoid forwarding the suspicious files to other computers or mobile phones for examination and instead contact the nearest Cyber Police Station for assistance.

ADVERTISEMENT

Victims of online financial fraud have been urged to report the incident immediately by calling the national cybercrime helpline 1930 or through the National Cyber Crime Reporting Portal.

Google News Add as a preferred source on Google
Disclaimer: Comments posted here are the sole responsibility of the user and do not reflect the views of Onmanorama. Obscene or offensive remarks against any person, religion, community or nation are punishable under IT rules and may invite legal action.