In recent months a Increase in a WhatsApp accounts theft mode that does not require the victim to click any link or download fileswhich uses the voice mailbox as an access road.
He National Cybersecurity Institute (INCIBE) has warned of this new method, based on social engineering, which takes advantage of a common carelessness to take full control of a WhatsApp account and supplant the victim before her own contacts.
The procedure Start when cybercriminals try to register the victim’s phone number on a different device. WhatsApp then sends a Verification code by SMS or call, as part of the usual process.
If the message is not received (for example, if the user does not answer), The application can offer the option to send the code by voice call. At this point, if the victim has the voicemail active and does not respond to the call, the code is automatically recorded in the mailbox.
Taking advantage that Many people do not have a safe pin in their mailbox, The scammers try access him by calling the victim’s number from another device. If they manage to enter, they recover the message with the verification code and, with it, they manage to get the WhatsApp account without the user having interacts with anything.
Once criminals are made with the control of the account, They can impersonate the victim in their individual conversations and groups, with the aim of carrying out new scams. In many cases, they request money from contacts or disseminate malicious links from an apparently trustworthy account.
From WhatsApp they warn that, Once the account on another phone is recorded, the victim’s session closes automatically. That is why it is essential to act quickly as soon as an unauthorized use is detected.
The most classic method: deception by direct message
In addition to the voice mailbox method, The most common type of fraud remains the attempt to directly deceive the victim to share the verification code that receives by SMS. A typical message can be: “Hello, I’m sorry. I sent you by mistake a 6 -digit code for SMS. Can you pass it to me? It’s urgent”.
Once the person facilitates it, he loses control of his account. Therefore, you should never share the six -digit code received by SMS with anyone, not even with friends or family, as Infibe recalls.
If cybercriminals have managed to access your WhatsApp account, the application support page recommends registering it again as soon as possible with your phone number. You will receive a new six -digit code And, once introduced, the session will be automatically closed on the device where the intruder has logged in.
In some cases, If the scammer has activated the two steps verification, you will not be able to access immediately and you must wait up to seven days to do it without the pin. At that time, you cannot recover the account.
It is also important to contact your mobile operator to block the SIM card, if you have lost your mobile, and Check what sessions are open from WhatsApp Web or Desktop To close unauthorized accesses.
Europa Press