A viral message is doing rounds on social media claiming that the good morning pictures and videos which people save and forward to others contain phishing codes designed to hack into the phone and steal personal data.
The message claims that this information was issued by the Shanghai China International News. It also states phone numbers which call people and steal their bank information and it advises against calling back on those numbers or receiving their calls in the first place.
Digiteye India also received the long message for fact-checking on its WhatsApp number.
We conducted a Google search to find out if Shanghai China International News had issued a notice of this sort to its subscribers as the message claims. It was found that there is no news outlet going by this name. Similarly, no other news organization has issued a notice of this sort on any platform.
Keyword search revealed that this message has been in circulation since 2017 and has been debunked and called a hoax many times. A giveaway is the grammatical errors in the message which make it hard for the reader to understand what the message is trying to convey. The numbers mentioned in the message as calls from terror organizations are tele-marketing numbers.
While it is true that malware can be embedded in images using steganographic techniques but it is not restricted to ‘good morning’ pictures or videos only. Steganography is the technique of hiding secret data within an ordinary, non-secret, file or message to avoid detection and it can be further protected using encryption. Any image or video or document downloaded from the internet can have malware which can harm your device.
Sentinel One blog talks how malware can be embedded in images by appending a string to the end of the file which does not change the external appearance of the image or show signs of being changed.
On email phishing, HowStuffWorks says: “Most phishing messages give the victim a reason to take immediate action, prompting him to act first and think later. Messages often threaten the victim with account cancellation if he doesn’t reply promptly. Some thank the victim for making a purchase he never made. Since the victim doesn’t want to lose money he didn’t really spend, he follows the message’s link and winds up giving the phishers exactly the sort of information he was afraid they had in the first place.”
India ranks as the fifth most targeted country in the world for phishing attacks. In June 2020, the Indian Computer Emergency Response Team or CERT-In issued an advisory on a phishing campaign designed by malicious sources. To protect oneself from phishing attacks, it is advised to keep the systems and the anti-virus software updated. Downloading images or videos or files from unverified sources or emails should be avoided. Our rating – Misrepresentation.