WhatsApp account theft attacks are spreading and show no sign of stopping. In the past, cyber criminals have run scams using tactics such as fake ad checks, invitations to a party or VIP event, and cloning accounts with a stolen photo of the victim.
The best way to avoid these scams has been to activate two-step verification, in which the user creates a personal password that is requested whenever the application is installed on a new device.
This feature seems to have finally become popular, but not in the way intended: Kaspersky analysts have just discovered a scheme that circumvents this protection using social engineering and a request submitted through the application's support area.
The fraud begins with a call to the victim, in which the criminals pretend to be representatives of a health institution and ask the victim to take part in a Covid-19 survey.
At the end of the questions, the fraudster asks the victim to share the code that will be sent to their mobile phone, supposedly to register their participation in the survey and to prevent the organization from contacting them again.
The entire setup has one clear goal: getting the victim to share the six-digit code sent via SMS, which is actually the code the app sends to activate the account on a new phone. If the victim does not read the message carefully and hands over the code, their account can be stolen.
The novelty of the fraud appears when the fraudster discovers that the victim's account has two-step verification enabled. When this happens, the fraudster contacts the victim again, this time impersonating the messaging app's support team and claiming that malicious activity has been detected on the account.
The victim is asked to check their email for a message containing a link that will supposedly allow them to re-register for two-step verification.
However, clicking the link disables two-step verification, allowing the criminals, who already hold the temporary activation code, to take over the victim's account.
What surprised Kaspersky’s experts the most was that the victim received a legitimate email from WhatsApp titled “Two-Step Verification Reset” with a link disabling this protection.
What to do
To avoid falling victim, Kaspersky recommends the following:
– Enable two-factor authentication (six-digit code) in WhatsApp. To set it up: open the menu in the upper right corner and select "Settings". Then tap "Account", select "2-step verification" and create a six-digit code, which will be your double authentication code.
– Request that your phone number be removed from the lists used by caller-identification applications. Fraudsters can use these lists to find your number from your name.
– Never disable two-factor authentication unless you have forgotten your password and need to change it.