A few days ago the National Cybersecurity Institute warned of a new scam that used WhatsApp and Bizum to steal money from the contacts registered in the app; now we have a new variant.
The tactic INCIBE described, based on the testimony of a victim who had contacted the agency, consisted of stealing the account using the screen-sharing method. That is, the scammer, who obviously hides his identity, uses any excuse to get the target user to share his mobile's screen, and steals the account by taking advantage of the security code, visible on the shared screen, that arrives when they try to install the account on another device. Once the account is obtained, the attacker, under the victim's identity, sets about making urgent money requests through Bizum.
The businessman Sascha Badelt, who has reported his case in a LinkedIn post, suffered a similar strategy. What differs in this case is the way the account is stolen in order to try to get money from its contacts.
Badelt, who took 48 hours to recover his account after the incident, explains that the attack started with a message from a contact with whom he had spoken shortly before. What he did not know is that, by that time, the contact's account had been stolen and he was dealing with the scammer, who was also going to take his.
Good afternoon, I need you to do me a favor
So when on Monday the contact wrote ‘Good afternoon, I need you to do me a favor’ together with an emoji of two hands begging, Badelt, busy with his tasks, did not suspect anything.
‘I changed mobile and I am trying to transfer my WhatsApp to the new mobile and the code does not arrive. Can I send my code to your mobile and you forward it to me?’ explained the cybercriminal. ‘Sure,’ Badelt replied.
The code the attacker refers to is the one that Meta sends to the phone number of a user who is installing WhatsApp, to confirm his identity; obtaining it allows the attacker to take control of the account by installing it on another device. Badelt did not have WhatsApp's two-step verification enabled, which would have kept the deception from succeeding, since it requires the phone's PIN or biometric identification, which are not available to the scammer.
After he lost the account, his contacts began to receive money requests through Bizum, which convinced a number of people that the businessman does not specify. ‘Thank you for the trust and I will help you all to recover the money (the banks manage it with Bizum)!’ says Badelt.
Badelt’s story is another example of how easy it is to be deceived through modern platforms such as WhatsApp, and of the need to take advantage of all the security tools they provide, such as two-step verification.