A new type of cyber attack detected in recent weeks robs victims of WhatsApp accounts, taking advantage of the trust they have in their contacts, as warned by the cyber security company Check Point.
When a user changes phones and wants to transfer their WhatsApp account, the technology company sends an SMS authentication to the old phone number so that they can enter it in the new one.
This process allows you to change the WhatsApp application from one number to another. However, it is also the cybercriminal’s gateway to the victim’s account. “The first thing to know about this cyber attack is that the main asset for the cyber criminal is to take advantage of the victim’s trust,” says Eusebio Nieva, technical director of Check Point for Spain and Portugal.
“For this reason, the way to carry out this attack is based on the fact that, previously, this cyber criminal managed to attack one of the contacts of the victim in question and steal all the phone numbers he had,” he added.
In this way, he receives the victim’s number, which he uses to write on WhatsApp and to request the SMS code for authentication. Then, pretending to be a known contact, he writes to the victim requesting the code, claiming that they were wrong to send it.
“The essential thing for this cyber attack is that the victim trusts the number that speaks to him, because when he meets him he trusts. Simple but effective,” the manager emphasizes.
Stealing a WhatsApp account opens the door to other attacks, for example, against contacts you have in your phonebook. Thus, you can send an SMS with a link that redirects to a site with “malware” or you can send a message via WhatsApp such as “look how interesting, download it”, also with a malicious link.
However, it can also lead to the infection of the mobile device to gain access to various applications and movements of the victim or to introduce a banking Trojan on the device to steal bank details and thus obtain a financial benefit.
Account recovery is not easy. “The only way would be to talk to WhatsApp to inform them about the theft of the account and for them to automatically cancel that account with that phone number,” explains the manager. In addition, it would be necessary to report what happened to the Civil Guard or the National Police, so that they could monitor the phone and “check all possible communications it had with other users and minimize the victims.”
To protect against this type of attack, “the most important thing is that when a person receives an SMS to read it carefully,” says Nieva. “It’s essential to remember that you have to be very careful with the codes that are sent and know that you should never send a code that you receive to anyone, no matter what I tell you or anyone who asks for it,” he concludes.