“This is a very smart attack, because cybercriminals use the company’s own security measures to turn them into a vulnerability”
SMS-based campaigns to steal WhatsApp accounts have increased in recent months, with cybercriminals impersonating the application's technical support, according to the cybersecurity company Panda Security.
The attackers use an alleged 'illegitimate login' as a pretext in their first message, which they send as a WhatsApp chat and in which they claim that the user's phone number has been used to register a new account in the application, something that in reality is not possible, because only one account can be created for each phone number.
In order to 'corroborate' that the person they are talking to is the owner of that account, the cybercriminals ask the user to forward a security code that they will receive in a few minutes via SMS, as Panda reported in a statement.
The trick is that, shortly after, the same attackers try to start a session with the victim's phone number, and the victim immediately receives a real SMS from WhatsApp with the six-digit security code to access the account. If the victim sends this code to the cybercriminals, they completely lose control of their account and hand over their username to the attackers.
In fact, the hackers may continue to harm their victim, since they impersonate the victim to steal the WhatsApp accounts of their contacts.
“This is a very intelligent attack, because cybercriminals use the company’s own security measures to turn them into a vulnerability,” highlights Hervé Lambert, Global Consumer Operations Manager at Panda Security.