The Police of various Latin American countries have been warning about the increasingly common WhatsApp account theft. To achieve their mission, cybercriminals send verification codes, for example, as if they were from a technical service, Suptnik reports.
How does whatsapp account theft work?
Mainly, cybercriminals use these three modalities: Through a WhatsApp message from an account that pretends to be from the application's technical service In the message, the person is asked to verify whether the phone number they use in the account of the social network is related to the SIM card that the user currently has, and sends him a verification code that arrives by SMS or voice call.
If you get a verification code that you didn't ask for, be on the alert because it probably came from hackers. But another possibility is that the attacker requests the code by voice. In this case, you will receive a call and, if it is not answered, the verification code will be saved in the answering machine of the cell phone.
If you did not modify the password to access the answering machine and you use the one that comes with the cell phone by default, the attacker could easily access the verification code in order to log into WhatsApp from another device. That's why experts recommend changing your voicemail password. Through a friend contact who has been previously hacked.
The most frequent way is to send a message through a user contact who has previously been hacked with a message that says, for example: "You received a code by mistake on your cell phone but it is actually for me, can you tell me? give please? ”. If you do, you would be providing the verification code for hackers to take over your account and activate the second factor of authentication to protect the account.
QRLJacking code: It is given in case of using Web WhatsApp, where the user scans the QR code provided by the application to access the version for computers. The WhatsApp QR code stores information to validate user access to the web version, but does not offer any additional validation.
In this case, you should always access from the official website (https://web.whatsapp.com) and log out once the computer is no longer used.
How to prevent WhatsApp account theft?
To avoid this type of maneuvering, Interpol's Computer Crimes Department recommends: Activate two-step verification by entering WhatsApp in the “Account” section, located within the “Settings” or “Configuration” section, depending on the device model. .In case of receiving a message in which a verification code is provided, avoid sharing it with third parties by any means. Remember that the platform does not request information from its users through SMS, WhatsApp or other messaging services or through phone calls. If you receive a WhatsApp message from an unknown user, it is advisable to block and report the user through the options that will appear in the application. Check regularly on which devices your WhatsApp Web sessions are open and avoid opening sessions on shared devices. If you are the victim of a maneuver of this type, notify your contacts and report what happened to the corresponding authorities.
How to recover the account?
Sign up for WhatsApp with your phone number and enter the six-digit code that you receive by SMS to verify the number. Once you enter the six-digit code sent by SMS, the person with access to your account will be automatically logged out. You may also be asked to enter a two-step verification code. If you don't know that code, the person with access to your account may have activated XNUMX-Step Verification. In that case, you must wait seven days before you can verify your number without the two-step verification code. Regardless of whether you know the two-step verification code or not, the session of the person with access to your account will be closed as soon as you enter the six-digit code sent by SMS.