What is the weakest link in IT security and the confidentiality of our data? The people. You can have the most secure system in the world, but if you can trick someone who already has access to let you in, it doesn’t matter.
This is why many data theft techniques focus not on breaching systems but on deceiving people. Sometimes it’s easier and with little effort it can be semi-automated. This is the case of a new scam, which is not really new, it has been done for years in other countries. But his practice has recently spread to Spain and Latin America and he took many by surprise.
So much so that the police of Catalonia, Mossos d’Esquadra, have warned against these fraudulent messages and the danger they represent, as they will take away your access to your accounts and you will lose a lot of your data, social networks or even access to your bank accounts.
The attack increased in early 2020 but throughout the year, with the pandemic and with so many people at home, it has spread a lot more.
How the new WhatsApp scam works
It’s as simple as it is effective. You receive a message from a contact you know and just say, “Hello. Sorry. I sent you a 6-digit code by text message by mistake. Can you send it to me? It is urgent”.
Social engineering phishing phishing is one of the oldest hacking techniques in computer security.
It is a phishing technique by doing social engineering through identity theft. Attackers seize account phone numbers Whatsapp who wish to obtain and activate the verification process, which sends an SMS.
The attackers then pass themselves off as an acquaintance of the victim, using a WhatsApp account that they have already violated and over which they already have control. The latter is what makes many people do not suspect that this is an attempt at social hacking. And many, as is normal, fall.
This same practice could be used to try to access other accounts, not just that of Whatsapp. Since other services, including banks, use SMS verification, it is relatively easy to access.
This is why it is so important to be very careful and never send SMS verification numbers to other people, even if they are contacts we know, because it could be an attacker pretending to be someone else.
How to recover your account if you are the victim of this scam
There is a solution for those who have succumbed to this type of phishing scam in an attempt to impersonate their identity. Fortunately, the very technique used to steal an account is what makes it easier to recover it.
Due to the fact that Whatsapp associates a person and their account with the phone number, just restart the process of connecting to our WhatsApp and ask them to resend the verification code by SMS. Enter it and regain access.
We also recommend enable two-step verification to increase security and prevent this from happening, because even if a third party gets the six numbers from the SMS, they will not be able to access the account because they do not have the second password.
Learn more about this topic
–