Cybercrime is becoming more and more personal. This time Whatsapp is the main victim. Thanks to a procedure in which cyber-crooks are deceiving users. This is how they get their personal accounts in the instant messaging app. This according to research by the cyber security company Check Point.
In this sense, the procedure that gives access to Whatsapp accounts is simple. A user can transfer his account when changing devices. This possibility is what allows this crime to be carried out. When this situation of change of device occurs, the company sends an authentication code by SMS. This code is sent to the user’s telephone number. After receiving it, the customer must enter it on the new device. In this way the account is activated on the new device and it is possible to continue using your account despite having changed your phone.
How do they get Whatsapp accounts?
The way to attack the user is through the primary attack on one of their contacts. With this attack, the criminal obtains all of the contacts of this secondary victim and thus obtains the number of the account he wants to steal. After obtaining the number in question, he proceeds to activate the account on a computer he has at his disposal.
To do this, he requests the sending of the SMS authentication code according to the process suggested by the application. When the code reaches the user who owns the account, the attacker poses as a trusted contact. Later, he writes to him requesting the code that arrived on his phone. This request is made under the pretext that there has been a mistake in the sending and that is why it has reached your phone. When the user trusts the contact making the request, he sends him the code. In this way, the criminal takes possession of the Whatsapp.
In addition to taking over the Whatsapp account, this attack enables other equally serious attacks. For example, sending messages with links containing malware to the user’s contacts. It is also possible to infect the phone in order to access applications or personal movements. Similarly, it is possible to introduce banking Trojans to steal data.
Cyber attack can steal your Whatsapp account
To prevent this attack, it is essential to activate the two-step account verification function. On the other hand, if you are a victim of this crime, it will be necessary to notify Whatsapp about the theft so that they can deactivate the account at that reported phone number. It will also be crucial to notify the relevant authorities so that they can investigate the situation and not increase the number of victims of the attack.