Yesterday several WeChat official accounts were hacked through a phishing scam. Read on to find out how does the scam work and what you can do to protect against it.
WeChat Phishing Scam Steps
1. First the hackers make a complaint against their target victim’s account.
When filling out the WeChat complaint form there is an option for the hacker to add a description of their exact complaint (see example below).
2. The account will receive a notification of the complaint.
The hackers write their complaint description so it appears to be an instruction from the WeChat team. There is a web address which they ask the account holder to open:
Please resolve this complaint within 1-7 working days (copy the web address and open in a browser to resolve the complaint) http://mp.weixin.dy139.cn/componentloginpage…
3. The link address is a phishing website designed to look the same as an official WeChat page. Once an account holder inputs their username and password into the fake phishing page they have given the hackers the information to access their official account.
WeChat official accounts admin platform’s real address is mp.weixin.qq.com.
The phishing site’s address was mp.weixin.dy139.cn
4. Now the hackers can access the account and send messages to the followers.
Hacker’s message: A reward is here, click her to unlock
In this example, the message leads to an empty article (see below) with an enticing title encouraging the user to follow the new account.
Thus it seems that the hackers are trying to drive followers from the hacked accounts to their own WeChat account.
Safety Tip for WeChat Official Accounts
For those who run official accounts to protect against further WeChat scams we recommend go to the security center (安全中心) and change the protection settings (风险操作保护) on your account to add an extra layer of security authentication(admin QR code scan) when logging in.