(CNN Español) – Cyber attacks have been steady for years. In Latin America, it is no exception. From January to September 2020, there were 1.3 million ransom attacks recorded in the region, with Brazil and Mexico topping the list, according to the cybersecurity firm. Kaspersky.
According to our data, 55% of computers in the region still use Windows 7 and 5% Windows XP (systems that no longer receive technical support and are therefore more vulnerable to attacks), comments Santiago Pontiroli, Kasperksy security analyst, It is a statement.
In addition, the The rate of pirated software It’s 66%, nearly double the global average of 35%, which is causing a much higher vulnerability, Pontiroli adds.
WhatsApp, a target for cyberattacks
Although nearly 70% of these attacks target businesses, Kasperspky says, daily users remain exposed in a variety of ways.
The concern for users remains lurking because, within the cybersecurity trends of 2021, there are hijackings of WhatsApp accounts, which is the leading messaging app in 112 countries, including all of Latin America, according to the data set prepared by the software company. Zendesk.
Today (accounts have been seized) using social engineering (to request) the verification code received via SMS, “which controls the account,” The Karspersky Report About computer security trends for the current year.
“In the near future, this will be more attractive to WhatsApp Pay scammers,” he added, as the victim could make unauthorized purchases.
The most common WhatsApp attacks
In an interview with CNN, Kaspersky’s global research and analysis team director Dmitry Pestuzhev explained that in the previous case, the attacker had attempted to register the victim’s phone number on WhatsApp, which received a verification code via SMS.
Then the attacker calls the victim and tells him regularly that he has won something but needs the verification code to confirm his identity and then award him the prize.
“Using this code, he (the attacker) puts it on another device where he registers WhatsApp, and with that comes to control the account,” said Bestuzef.
“From that moment on, what the attacker would do is enable two-step authentication immediately and leave the victim without WhatsApp,” he added.
This is one of the most common ways to attack WhatsApp. But there is a second case that is also noticed on several occasions, according to the Kaspersky executive.
Another way to hijack the account is to clone the font. Here it is on the desktop version of WhatsApp. Remember, to activate it you need a QR code.
“ The victim is being asked to scan a QR code for any reason (rewards, trick that WhatsApp improves security and you have to scan the code so your streak doesn’t run out).
“The person with their cell phone can scan this code which they can get wherever they want (on a webpage, send it to the victim’s email). The victim scans it and the session will be cloned,” where they can spy on all of its content, says Bstozef.
The stakes are high. This is the reason for the increased need to protect your WhatsApp account. Here we give you four tips to help you do that easily.
Tips for protecting your WhatsApp account
1. Two-step verification
“Activate two-step verification and provide an email address in case you forget the PIN,” Paloma Zerman, WhatsApp’s Latin America Public Policy Director, said in an interview with CNN.
what is he talking about? You should go to your account, then go to the “settings” menu, then click on “account” and there you will see “two-step verification”.
You will have to choose a six-digit PIN. You will be prompted for this whenever you want to register your number on a new device, along with a verification code via SMS.
After entering the PIN, WhatsApp will ask you for an email in case the 6 digits have been forgotten and you need to restore them.
Bestuzhev notes that the ideal option is to have the option to put in a complex password instead of a PIN, but this two-step verification is necessary, along with a good password to protect your email from that aspect.
2. Don’t fall into a QR trap
If someone asks you to provide a typed code or scan a QR code, there’s a good chance it’s a scam, says Kaspersky’s manager. “You will never have to forward this code or verbally tell anyone about it,” he adds.
In this regard, Bestuzhev states that secure QR code scanners should be used.
“Before opening the file, (this scanner) tells you what it is and gives you the reputation of this link, if it is malicious or suspicious, and it won’t automatically take action to open the page,” he explains.
3. Do not share codes and pay attention to whom you are sharing the phone with
It is WhatsApp policy to never share your registration code (the one that comes to you via SMS when registering your account) or the two-step verification PIN with other people.
“We always tell our users not to share their WhatsApp verification code with anyone, not even their family or friends, because this could lead to someone accessing their account,” Szerman details.
Besides, it is a priority to be clear about who can and cannot access your physical phone as this will help you reduce the risks.
“Be careful who has physical access to the phone. If someone physically accesses a user’s phone, they can use their WhatsApp account without their permission,” he adds.
4. Advanced security options
Bestuzhev says these options won’t save your account from potential theft, but they do add additional security steps for privacy issues.
Regarding this issue, Szerman comments that the advanced security options in the case of WhatsApp are two-step verification and biometrics recognition.
The first one you already know is how to activate it. In the second case, you will need to go to the “Settings” section of your phone. It depends on the brand, but usually you should go to the “Security & Privacy” option and then to “Block apps”.
Once here, you will be able to specify the security PIN that will be prompted in the apps you decide to block and you will also be able to create a secret question to reset the PIN in case you forget it.
“These settings will not necessarily save the font, but the privacy is always good,” Bstuzef concludes.