The biggest share of detected malicious links between December 2020 and May were sent via WhatsApp (89.6 per cent), followed by Telegram (5.6 per cent), according to data shared by Kaspersky Internet Security for Android, part of the cyber security firm Kaspersky Lab.
Messaging app Viber was in third place with a share of 4.7 per cent and Hangouts had less than one per cent share.
Countries experiencing the highest number of phishing attacks were Russia (46 per cent), Brazil (15 per cent) and India (7 per cent).
"Statistics show that phishing in instant messenger apps is still one of the most popular tools among scammers. This is partly due to the wide popularity of these apps among the audience, as well as the ability to use the built-in functionality of applications to carry out attacks," said Tatyana Shcherbakova, Senior Web Content Analyst at Kaspersky.
In a phishing attack, a cybercriminal sends a fraudulent message designed to trick a human victim into revealing sensitive information to the attacker, or to deploy malicious software on the victim's infrastructure like ransomware.
Sometimes, it can be difficult to determine whether an attack is phishing, as the difference can be just one character or a minor mistake.
"Vigilance combined with anti-phishing technologies form a reliable tool in the fight against phishing in messenger apps," Shcherbakova said in a statement.
According to researchers, messenger apps outstripped social networks by 20 per cent in 2020 in terms of popularity among users, and became the most popular tool for communication.
In 2020, the global audience for messenger apps reached 2.7 billion and by 2023, it is expected to grow to 3.1 billion.
The Kaspersky team recorded 91,242 detections globally between December and and May.
Telegram had the least amount of detections, but was similar in geography to WhatsApp.
The biggest number of malicious links were detected in Russia (56 per cent), India (6 per cent) and Turkey (4 per cent).
In terms of the number of phishing attacks recorded per user on WhatsApp, Brazil (177) and India (158) led the way.
Scammers often use WhatsApp and other messengers to communicate with users who were found on a legitimate resource (for example, various marketplaces and accommodation booking services) and also use them as a method of communication in malicious messages.
"Even if messages and websites look real, the hyperlinks, most likely, will have incorrect spelling, or they can redirect you to a different place," the researchers noted.
Even if a message or letter came from one of your best friends, remember that their accounts could also have been hacked.
"Remain cautious in any situation. Even if a message seems friendly, be wary of links and attachments," they advised.