See how this new WhatsApp scam steals your verification codes
Remote communication tools are especially useful today and, although there are multiple attractive options, remains the most popular service worldwide (with over one billion active users). This huge popularity also poses a disadvantage, as mentioned by experts of a mobile hacking course, as threat actors are always trying to take advantage of the millions of users of this platform with scams and fraudulent messages.
Recently a new scam was detected in which malicious hackers try to fake the verification codes that users of the platform receive when creating a new account or recovering their information on a new device, aiming to gain access to the victims’ phones. Users should remain alert, as the possibility of receiving a malicious message via WhatsApp is considerably high.
As mobile hacking specialists say, WhatsApp does not send messages to its users through the platform (except when sending verification codes via SMS). In cases where the company wants to share information with users, it is always done through its official Twitter account or on its business blog, which are very easy to identify. However, many users ignore this, so hackers came up with the thought of using a phone number to create a WhatsApp account and send messages impersonating an employee of the platform; cybercriminals even use a WhatsApp image as a profile picture.
In the message, written in Spanish, the hackers mention to the victims that their account needs to be verified: “We inform you that someone recently registered for a WhatsApp account using their phone number, we cannot determine if the login is legitimate”; Although this is clearly a scam, many users could fall into the trap.
The experts of the mobile hacking course recommend that WhatsApp users try to identify any indications of suspicious activity, such as poor wording of the message or the unrecognized number. WhatsApp is an encrypted platform, so under no circumstances will users be asked to share verification codes or personal data with alleged support employees.
To prevent these attacks, the International Institute of Cyber Security (IICS) recommends enabling two-factor verification (2FA) in the Settings section of your WhatsApp account, which will add an additional layer of protection in case of verification code theft. Multi-factor authentication is an essential measure to prevent phishing attacks and illegitimate logins.
Originally published at https://www.securitynewspaper.com on May 28, 2020.