A new WhatsApp scam uses one of the oldest techniques in computing: social engineering. It's easy to avoid, but be very careful!
What is the weakest link in computer security and the privacy of our data? You can have the most secure system in the world, but if you manage to trick a person who already has access to let you in, it doesn't matter.
That is why many data theft techniques do not focus on breaching systems but on deceiving people. Sometimes it is easier, and with little effort, it can be semi-automated. This is the case of a new scam, which is not really new, it has been done for years in other countries. But its practice has recently spread in Spain and Latin America and has taken many by surprise.
So much so that the Catalan police, Mossos d 'Esquadra, have warned about these scam messages and the danger they represent, since they would take away access to your accounts and you would lose many of your data, social networks or even access to your bank accounts.
The attack increased in early 2020 but throughout the year, with the pandemic and with so many people at home, it has spread much more.
Have you received an SMS like this?
DO NOT ANSWER IT !!!
It is the message with the verification code for the installation. If you provide it to a third party, they will control your account on their device and with it, access to all your groups and contacts #NoPiques https://t.co/mkiaDcUvyK pic.twitter.com/WQ1dW8H7gK
- Civil Guard
🇪🇸(@guardiacivil) February 11, 2020
How the new WhatsApp scam works
It is as simple as it is effective. You get a message from a contact you know and they simply say, “Hi. I'm sorry. I sent you a 6-digit code by SMS by mistake. Can you pass it to me? It is urgent".
Phishing using social engineering is one of the oldest hacking techniques in computer security.
It is a phishing technique doing social engineering through identity theft. The attackers enter the phone number of the WhatsApp accounts they want to obtain and activate the verification process, which sends an SMS.
The attackers then pose as an acquaintance of the victim, using a WhatsApp account that they have already violated and of which they already have control. The latter is what makes many people not suspect that it is a social hacking attempt. And many, as is normal, fall.
This same practice could be used to try to access other accounts, not just WhatsApp. Because other services, including banks, use SMS verification, it is relatively easy to get access.
That is why it is so important to be very careful and never send SMS verification numbers to other people, even if they are contacts we know since it could be an attacker posing as someone else.
How to recover your account if you are a victim of this scam
There is a solution for those who have fallen for this type of phishing scams to try to impersonate their identity. Fortunately, the very technique used to steal an account is what makes it so easy to get it back.
Since WhatsApp relates a person and their account with the phone number, we only have to restart the login process to our WhatsApp and ask them to send the verification code again via SMS. Enter it and regain access.
We also recommend activating two-step verification to increase security and prevent these things from happening, because even if a third party obtains the six numbers from the SMS, they will not be able to access the account as they do not have the second password.
0 Comments