In recent months, an increase in attacks to steal WhatsApp accounts through various SMS has been detected. According to the Spanish cybersecurity company Panda Security , cybercriminals begin by sending a first message through WhatsApp itself to their victim, in which they pose as the company’s technical support team.
In the text, the criminals indicate that someone has recently registered a WhatsApp account with the same phone number as the victim, with what could be “an illegitimate login.” In order to “confirm” that the person they are talking to is the owner of that account, they ask him to resend them a security code that he will receive in a few minutes via SMS .
The trick is that, shortly after, the same attackers try to start a session with the phone number of the victim who, immediately afterwards, receives an SMS from WhatsApp with a security code . If the victim sends this code to the cybercriminals, they completely lose control of their account and are handing over their username to the attackers.
From there, cybercriminals can communicate with the entire contact list of the victim without anyone being suspicious. In fact, there is the possibility that hackers continue to harm their victim, since they impersonate their identity to steal the WhatsApp accounts of their contacts.
Following the same method, hackers send everyone on their phonebook a WhatsApp message telling them that they have problems with their account and that they have requested a security code on WhatsApp so that they can please forward it to them. In this way, just by stealing access to a WhatsApp account, attackers can take over many others in a viral way .
“This is a very smart attack, because cybercriminals use the company’s own security measures to turn them into a vulnerability”, highlights Hervé Lambert, Global Consumer Operations Manager at Panda Security.
The cybersecurity company also points out that it is almost paradoxical that, although WhatsApp is the most widespread platform to communicate over the internet between mobile devices, the identity of each user is linked to their telephone number . It is a unique identifier that makes the application unable to work on more than one phone at the same time.
For this reason, when a user changes their “smartphone” or reinstalls the application, WhatsApp needs to verify by means of an SMS that the device is linked to the user’s phone number. Thus, the platform sends a verification SMS with a six-digit code that allows WhatsApp to work on that device.
Fortunately, in the event that we are victims of a WhatsApp theft, the application does not restore any backup copies of the messages, as these remain in the “backup” of the phone itself, not in the WhatsApp cloud.
Everybody wants to “hack” it
Even so, this is not the only method to steal accounts of the famous instant messaging app. If you search the internet for ” how to hack WhatsApp ” you will find about 2.5 million results in less than 0.4 seconds. This extremely high number of pages reveals that, despite how illegal and immoral it is to spy on someone else’s private conversations, there are many who try and, therefore, many others who succeed. It is a crime against privacy that can carry penalties of between one and four years in prison and that, unfortunately, is more common than you might think.
The popularity of this “app” has made it the number one target of many organized cybercriminal networks. But it is also something that “amateur hackers” try who do not even know how serious it is to intercept a private conversation in any application.
For this reason, certain prevention measures must be taken into account when using the application itself if you want to avoid prying eyes. In addition to having an antivirus that ensures all of your digital security, not just that of a single device or a single app, it is important to have two-step authentication that, for example, WhatsApp provides.
On the other hand, if you use WhatsApp on your computer, either through the “app” or through a browser, make sure that your pc meets the same security requirements as your mobile.