Cybercriminals have been adapting their lures to the social and health situation caused by Covid-19, when the population is even more vulnerable. The hacking of WhatsApp accounts, which in October already forced the National Police to issue an alert to prevent the deception, has again left several victims in Malaga. The fraud is the same. Scammers spoof the identity of one of the victim's contacts to ask the chosen user for a verification code that supposedly belongs to them. Handing it over means losing total control of the application. The Cybercrime Group of the provincial police station is trying to discover who is behind these thefts and warns that in some countries the hijackers are already demanding ransom payments to return the account and, with it, all the valuable information that is usually stored in it. “There are those who use WhatsApp at a business level, have contacts with many clients and are interested in paying a ransom for the hijacking of the account,” warns one of the police officers who pursue these cybercrimes, in a statement to this newspaper.
In Spain, to date, there is no record of the perpetrators having put these hacks to that “use”; in Malaga they have led to several complaints in just a few days during the month of December. These are scams that go back some time. The first alarm about the theft of a WhatsApp profile came last summer, although, in the words of the investigator consulted, no complaint was filed. But officers detected that criminals were using the messaging app's own security measures, turning them into a vulnerability.
The “two-step verification” function, key against scams
The modus operandi was similar in the cases that continued to be registered afterwards. The concern was such that the Internet Security Office issued an alert urging users not to provide the verification code and advised enabling WhatsApp's “two-step verification” function, which adds a second security factor.
The first complaints arrived in Malaga in October, and that was when the Police Station issued a notice explaining that, in this type of phishing, the hacker, who previously posed as one of the victim’s contacts, downloads the messaging application and enters the phone number of the account they intend to steal. To ensure that the person requesting access is the real owner of the profile, the app sends a verification code via SMS, which is essential to access the platform.
Later, the victims receive a message on WhatsApp, supposedly from one of their contacts, saying that a code has been sent to them by SMS by mistake and asking them to provide this code through the app. That is the fraud. “In December several people fell for it again. All online scams use social engineering, that is, they seek deception so that the user is the one who voluntarily provides their data, whether banking details or a password,” the Cybercrime Group emphasizes.
The Police therefore also recommend setting a multi-digit personal password that only the owner of the profile knows. That way, the attacker “would have to have two pieces of information, when the normal thing is to get only one”, the investigator emphasizes.
In the event that the WhatsApp account has been hijacked, the expert points to its reactivation, though this will not take effect until seven days have passed. On its website, the application stresses the importance of end-to-end encryption, through which messages are secured with a lock. Thus, only the sender and the recipient have the “special key” needed to unlock and read them, without the need to activate settings or “create special secret chats to secure messages.”