WhatsApp users have reported in recent weeks to new scam which began to be distributed between chat groups and that can detect the account by accessing the answering machine.
The apparent method used by cybercriminals is that of exploit a security flaw in the account verification processbut you can very well disable it with the tools currently offered by the messaging app.
Despite the ongoing security measures that WhatsApp has implemented in recent years to protect users’ privacy and information, this new way of stealing the account no need for suspicious links or rogue apps.
Cyber criminals will first try to install the app on their devices using a real phone number of a legitimate user.
It is common that when creating a new account or re-registering on another device, you need to register the phone number in WhatsApp. To confirm that it is owned by the user, the app requires that a 6-digit registration code sent via SMS or phone call.
If the second option is chosen, the platform will make an automatic call to the victim with that code dictated.
For this they use two tactics: they try at night, when many people have their phones turned off or do not answer, or during a call to the victim with some false excuse so that while they speak, incoming calls go to the answering machine.
Since the victim does not have the phone available, is asleep or has simply turned it off, the automated message goes to the answering machine. In addition, almost all mobile phone companies allow remote access to the mailbox with the same number for all users and with a four-digit PIN code.
In this way, to access the voicemail, the scammer only has to call and prove the password, which, if the victim has never changed it, it is usually a simple combination like 0000 or 1234. Therefore, you can listen to the verification code and log into the user’s WhatsApp.
How to prevent theft of your WhatsApp account
The main security tool to avoid this type of phone scam is to activate the two-factor authentication in your WhatsApp account. To add an extra layer of protection to the information and contacts on your mobile, you need to access the option Settings> Accounts> Two-Step Verification> in both Android and iOS versions.
Also, the user will have to provide an email address you have access to reset 2-Step Verification if you forget your PIN and to protect your account.
WhatsApp: the most common scams
The messaging service has repeatedly affirmed its fight against mass sending of messages, which on many occasions aims to viralize various types of scams through chat groups. To counter this cybercrime, the platform, owned by Meta, uses several tools that use artificial intelligence and automatic detection of potential threats.
Likewise, the messaging service has the ability to previously detect the massive registration of automated accounts which are a major source of phishing in chat groups.
According to official data, 75% of accounts are automatically suspended without having a human user behind them. This equates to nearly 8 million per month globally. In addition to computer scams, the main causes of such cancellations are related to fraud and violations of the terms of service.
WhatsApp: how to spot a potential cyber scam
Although the main security measure of the messaging service is end-to-end encryption, WhatsApp has introduced other measures to combat cybercrime on its platform through the message forwarding limit.
In recent years, the number of five senders to a single chat at once, something that, according to the company, has helped them reduce “worldwide forwarding rate from 25% to 75%”.
Similarly, a “double date” label was introduced in the app last year to indicate that a message has been forwarded multiple times.
To spread a virtual scam to all chats, the user will have to forward the same message to all chats one by one, so in addition to being a restriction, it is a dissuasive measure. “The introduction of friction in small parts significantly reduces the potential harm of a cybercriminal,” admitted Paloma Szerman, head of public policy for WhatsApp in Latin America.
Beyond the recommendations of the messaging service, the critical eye of the user and the understanding of the tools in his favor becomes more than necessary to reduce the potential dangers within the app.
For example, government chat accounts – PAMI, Tina, or Booty – are identified by a green check mark confirming that they are a genuine and pending corporate account.
Another important tool to consider is the message report. If a message looks suspicious or sounds too good to be true, in principle, it shouldn’t be opened or shared.
The official recommendation is to challenge the report, block the sender and delete the message. First you need to click on the fraudulent text or link, go to the three dots on the top right margin of the app and select the “Report” option.
How to protect your WhatsApp account from scams
They also shared tips from the Ministry of Security of the Nation to keep chats away from potential virtual scams. To do this, users should follow these recommendations:
• Never share your activation code. It is the six-digit code that you receive via SMS message.
• Establish a personal PIN so that your account is doubly protected. Settings / Settings> Accounts> Two-Step Verification> Activate.
• Make sure that your profile picture is only seen by your contacts. Settings / Settings> Account> Privacy> Profile picture> My contacts.
• If a family member or friend makes an unusual request on WhatsApp, call the person to confirm their identity.
SL
Source: Clarin
