WhatsApp was until recently the most downloaded app in the world, a position TikTok has since taken from it. Even so, it remains the most famous messaging service and, therefore, the one that cybercriminals try to hack the most. In recent months, one modus operandi has become popular for hijacking accounts: abusing the verification SMS sent by the company itself.
According to the security company Panda Security, sending the victim a message that poses as the technical service has become popular. In the text, as can be seen in the image below, the attackers claim that someone has registered a WhatsApp account with the same phone number as the victim, and say they are unable to determine whether there has been an “illegitimate login.”
Hackers Want Victims To Pass The Account Verification Code To Them
This message from the supposed technical support team is sent over WhatsApp, and at the same time an SMS with a verification code reaches the victim. That code is what the hackers are after: “We have sent you an identity verification request to verify the [SMS] root. If you fail to pass the verification or abandon the attempt, an indefinite suspension will be generated”. They make the user believe that they can lose access to their account if they do not provide the code, something the application never does via a chat conversation.
If the victim sends that code to the hackers, they instantly lose control of their account and, in effect, hand it over. From there, the cybercriminals have full access to private conversations and contact lists, which they can use to keep stealing accounts with the same strategy or to impersonate the victim for other purposes.
This would be the message they send before stealing a WhatsApp account (Panda Security)
Each WhatsApp account is linked to a phone number and not to the mobile device, so every time a user changes their smartphone they need to request the verification code that arrives via SMS. This system is used so that two phones cannot use the same WhatsApp account at the same time. When the legitimate user requests that six-digit code, it is entered into the app automatically when the message is received and WhatsApp starts working.
“This is a very smart attack, because cybercriminals use the company’s own security measures to turn them into a vulnerability,” warns Hervé Lambert, Global Consumer Operations Manager at Panda Security.
This type of cyberattack is a crime against privacy that can carry penalties of between one and four years in prison. When these messages are received, it is best to ignore them or report them to the police.