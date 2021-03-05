The cybercriminals they return to the load with virtual scams that have as their favorite target Whatsapp. Using an old technique, known as social engineering, attackers manage to fool users and thus obtain a six-digit authentication code that grants them full access to the platform, among other private data.

As happened during the period of isolation due to the coronavirus pandemic, where cyber attacks grew by at least 70%, The new WhatsApp scam is as simple as it is effective.

The user unexpectedly receives a message from a contact that simply says: “Hello. I’m sorry. I sent you a 6-digit code by SMS by mistake. Can you pass it on to me? It is urgent”.

This practice is none other than one more case of identity fraud (phishing) through social engineering, one of the oldest hacking techniques in computer security.

In this case, the attackers enter the phone number of the WhatsApp accounts they want to obtain and activate the verification process, which sends an SMS.

Later, they pose as an acquaintance of the victim, using a WhatsApp account that they have already violated and of which they already have control. The latter is what makes many people not suspect that it is a social hacking attempt. And many, as is normal, fall.

This same practice could be used to try to access other accounts, not just WhatsApp. Because other services, including banks, use verification via SMS, a relatively easy means of gaining access.

That is why it is so important to be extremely careful and never send SMS verification numbers to other people, even if they are contacts we know, since it could be an attacker posing as someone else.

How users can protect themselves

According to the computer security specialists at Avast, users should follow a series of tips to avoid falling for WhatsApp cloning scams:

Enable two-factor authentication. When you enable two-factor authentication in WhatsApp settings, the attacker will have to enter the two-factor authentication PIN in addition to the code they receive via SMS, making the account much more difficult to infiltrate.

Sharing is not always trusting. Never share authentication codes with other people, including friends and family. No one should ask for any kind of verification code on WhatsApp. If someone tells you that they need to verify an account, it is probably a scam.

Avoid sharing your phone number. If you need someone to contact you, it is best to give them your email address. Telephone numbers, which WhatsApp uses to identify users, are relatively easy to come by, and many people do not consider them a secret, so they can be available on their social media profiles, entered to receive some service and then sold with marketing purposes, or may be part of a database leak or sold on the darknet.

4. Regain control If you suspect that your WhatsApp account has been compromised, log into WhatsApp with your phone number and verify it by entering the code you received by SMS.

How to recover your account

As the courier service relates a person and their account with the telephone number, it will only be necessary to restart the authentication process to our WhatsApp and ask them to resend the verification code via SMS.

Once entered, access is guaranteed. This causes the session to be closed for other users, returning control to you as the original user of the account.

If you were a victim of cybercriminals, there is a solution, even if everything indicates otherwise. Fortunately, the very technique used to steal an account is what makes it so easy to get it back.

SL