Attacks aimed at stealing WhatsApp accounts continue to spread. In the past, cybercriminals have resorted to scams such as advertising tests, invitations to a VIP party or event, and stealing a victim's photo and cloning accounts.
The best way to avoid this type of fraud is to enable two-step verification, in which the user creates a unique password that is requested when the application is installed.
Apparently, this protection has become popular: Kaspersky researchers discovered a scheme to get around it through social engineering and an appeal to the application's support area.
The scam begins with a call to the victim, in which the perpetrators pose as representatives of a health organization and ask the victim to take part in a survey on COVID-19.
At the end of the questions, the fraudster asks the victim to share the code sent to their cell phone, supposedly to record their participation in the survey and prevent the company from calling again.
The whole setup has one clear goal: to get the victim to share the six-digit code sent via SMS, which is actually the code that the application sends to activate the application on a new phone. If the victim does not pay attention to the message and hands over the code, their account may be stolen.
The novelty of this fraud arises when the fraudster finds that two-step verification is enabled on the victim's account. When this happens, the fraudster calls the victim again, but this time impersonates the messaging app's support team, on the pretext that malicious activity has been identified on the account.
The victim is instructed to check their email and look for a message with a link that allows them to re-register two-step verification.
However, clicking on the link disables two-step verification, which allows the criminals, who already have the temporary activation code, to steal the victim's account.
What surprised Kaspersky experts the most was that the victim received a formal email from WhatsApp entitled “Two-Step Verification Reset” with a link that disables this protection.
What to do?
To avoid being victimized, Kaspersky recommends:
– Enable two-factor authentication (six-digit code) in WhatsApp. To set it up: go to the menu in the top right corner and open the “Settings” option. Then click “Account”, select “Two-Step Verification” and create a six-digit code that will be your two-factor authentication code.
– Request that your phone number be removed from the lists of applications that identify callers. Scammers can use these lists to find your name and your number.
– Never disable two-factor authentication unless you have forgotten the password and need to change it.