top of page

Fake WhatsApp ‘voice message’ emails are spreading malware

A phishing campaign which impersonates WhatsApp’s voice message feature has been spreading information-stealing malware.

The attack starts with an email claiming to be a notification from WhatsApp of a new private voice message. The email contains a creation date and clip duration for the supposed message, and a ‘Play’ button.

The identity ‘Whatsapp Notifier’ masks a real email address belonging to a Russian road safety organisation. As the address and organisation are real, the messages aren’t flagged as spam or blocked by email security tools. Armorblox, who discovered the scam, believe the Russian organisation is playing a role without realising.

The ‘Play’ button will take the email recipient to a website which then asks them to click ‘Allow’ in an allow/block prompt to ‘confirm you are not a robot’. Once ‘allow’ is clicked, the browser will prompt to install software that turns out to be information-stealing malware.

While there are numerous ‘tells’ that this is a scam, these attacks rely on people missing the signs - perhaps because they are waiting for urgent or exciting news that could well be delivered by a voice message.

The NCSC has published guidance on how to spot and report scams, including those delivered by email and messaging.

Their top tips for staying secure online will help you keep your devices and information secure even if you do click on a scam, and you can also learn how to recover a hacked account.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page