Madrid
save
Messaging apps don’t just store a large amount of information about the user. They also give access to your contacts. During the last months, an increase in attacks to steal the accounts of WhatsApp by using SMS-type messages. To do this, criminals often use “phishing”, which is the name of attacks in which they impersonate a third party, whether by mail, message or other messaging service, to deceive the victim and steal personal information . ABC explains how this particular scam works so you know how to recognize and avoid it.
This is how the attack works
For these attacks to take effect, cybercriminals start by sending a first message through the messaging application itself to the victim in which they pose as the company’s technical support team. After this, the criminals explain that a WhatsApp account has been registered with the same phone number. In order to verify that the person you are talking to is the owner of that account, they ask you to forward a security code to them that you will receive in a few minutes by means of an SMS.
In this case, the problem lies in the fact that the code that the user is going to receive through a message is that of verification of the application, since the criminals, they have previously tried to log into the app with their phone number. In case you finally send that number, you will lose control of the account, which will remain in the hands of the attackers.
From there, they can communicate with the entire contact list of the victim impersonating her without anyone being able to suspect anything. This can allow them to steal more accounts by repeating the process or even infect devices of the rest of users using some type of malicious code. And, the options for social engineering when an attacker steals a WhatsApp account are very high. “This is a very smart attack, because cybercriminals use the company’s own security measures to turn them into a vulnerability,” said Hervé Lambert, head of global operations at the Spanish cybersecurity firm, in a statement. Panda Security.
How to avoid it
The popularity of WhatsApp has made it the number one target of many cybercriminal networks. But it is also something that “amateur hackers” try who do not even know how serious it is to intercept a private conversation in any application. Therefore, certain preventive measures must be taken. In addition to having a antivirus, it is important to have the two-step authentication. Likewise, it is essential to understand that a company such as the messaging “app” you will never notify a problem of this type to the user through a message by WhatsApp. And it will not ask you for any code.
“Never share your registration code or PIN for two-step verification with other people,” the application firmly maintains from its own page. WhatsApp also remembers that if you receive an email to reset your 2-Step Verification PIN or registration code, but you didn’t make this request, don’t click the link. Someone may be trying to access your phone number on WhatsApp.
See them
comments
– .